UltraZipSetup.exe

UltraZip

Softmaking srl

The file UltraZipSetup.exe by Softmaking srl has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from the user's temporary directory. The file has been observed being downloaded from www.ultrazip.com.
Publisher:
Softmaking  (signed by Softmaking srl)

Product:
UltraZip

Version:
2.0.0.0

MD5:
0b0110e242679d6ac7fbe2f2c3cb565c

SHA-1:
8b4969427ceb05da107046a7b60e5afd9d5f515d

SHA-256:
d249378bd7803464679524c5237870160bcdfb29f03d50c0ef5c3de7d13274db

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:53:52 PM UTC

Scan engine | Detection | Engine version
Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1077
Reason Heuristics | PUP.Softmakingsrl.Installer (M) | 15.11.23.16

File size:
3.4 MB (3,566,496 bytes)

Product version:
2.0.0.0

Copyright:
© UltraZip 2015

Original file name:
UltraZipSetup.exe

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States of America)

Common path:
C:\users\{user}\appdata\local\temp\awh1f6f.tmp

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/7/2015 2:00:00 AM

Valid to:
11/27/2016 12:59:59 AM

Subject:
CN=Softmaking srl, O=Softmaking srl, L=Roma, S=Italia, C=IT

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
32D48A01B0F42131BAB98E502CE0393D

File PE Metadata
Compilation timestamp:
10/7/2014 6:40:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:NEEerQzJn45XvZ3+3E+y9XsmNttAIZRFNEdjpEZ+Jnc:SO41vZu3E998wt+qNQjpU+5c

Entry address:
0x3217

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, B8, 37, 42, 00, E8, C0, 2D, 00, 00, A3, 04, 37, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, B8, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, 00, 2F, 42, 00, E8, 6A, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 58, 2A...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file UltraZipSetup.exe has been seen being distributed by the following URL.
