webzoom_1002.exe

Tester Unit

The application webzoom_1002.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from cdn.hippb.com.
Product:
Tester Unit

Description:
Main Tester Unit

Version:
1.1.0.29

MD5:
2fd8b6fc77dbd75151248081faa3be04

SHA-1:
40dcde01a4d4375684487251b5938ebae1218b36

SHA-256:
1a3f952115a585a8869e87213c47e8eb7f5c3528c2e5ce390ca138dfef6d8374

Scanner detections:
31 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/26/2024 11:23:09 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.77915
364

Agnitum Outpost
PUA.ClickPotato
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.05.30

Avira AntiVirus
TR/Strictor.480240
8.3.1.6

avast!
Win64:Adware-N [Adw]
2014.9-160206

AVG
Generic6
2017.0.2842

Baidu Antivirus
Adware.Win32.PennyBee
4.0.3.1626

Bitdefender
Gen:Variant.Adware.Strictor.77915
1.0.20.185

Comodo Security
ApplicUnwnt
22268

Dr.Web
Trojan.DownLoader12.31163
9.0.1.037

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.77915
8.16.02.06.11

ESET NOD32
Win32/Adware.PennyBee
10.11705

Fortinet FortiGate
Riskware/PUP_z
2/6/2016

F-Secure
Gen:Variant.Adware.Strictor
11.2016-06-02_7

G Data
Gen:Variant.Adware.Strictor.77915
16.2.25

IKARUS anti.virus
AdWare.Win32.PennyBee
t3scan.1.9.2.0

K7 AntiVirus
Adware
13.204.16076

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.703

Malwarebytes
PUP.Optional.WebZoom.A
v2016.02.06.11

McAfee
Artemis!2FD8B6FC77DB
5600.6498

Microsoft Security Essentials
Adware:Win32/ZoomyLib
1.1.11701.0

MicroWorld eScan
Gen:Variant.Adware.Strictor.77915
17.0.0.111

Panda Antivirus
Trj/CI.A
16.02.06.11

Quick Heal
AdWare.ZoomyLib.r4 (Not a Virus)
2.16.14.00

Rising Antivirus
PE:Trojan.Win32.Generic.1845D82C!407230508
23.00.65.16204

Sophos
Generic PUA GB
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Dropper
9340

Trend Micro House Call
TROJ_GE.F1D1ACA1
7.2.37

Trend Micro
TROJ_GE.F1D1ACA1
10.465.06

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
40662

File size:
1.1 MB (1,125,997 bytes)

Product version:
1.1.0.29

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\webzoom_1002.exe

File PE Metadata
Compilation timestamp:
6/6/2009 2:41:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:5EQEfRBM+3j98IXzC+YwJ+8JLPdBiYp4bzVxCg2q:5EfTMmj98IewJTLPpwTCg2q

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9866

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file webzoom_1002.exe has been seen being distributed by the following URL.

Remove webzoom_1002.exe - Powered by Reason Core Security