z-zipsetup okay.exe

Bihe

Colifile SLU

The application z-zipsetup okay.exe, “Bihe Setup” by Colifile SLU has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.giftlaboratorygift.com and multiple other hosts.
Publisher:
Bemude (signed by Colifile SLU)

Product:
Bihe

Description:
Bihe Setup

Version:
1.5.5.7

MD5:
d9ab4db30150276563e620bbd03c52d4

SHA-1:
f50cd7e1e67b8864f7e8b0e93b6af1c07d1f0c4f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:31:38 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
16.10.22.18

File size:
1.1 MB (1,141,712 bytes)

Product version:
3.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\z-zipsetup okay.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
11/18/2015 4:00:00 PM

Valid to:
11/18/2016 3:59:59 PM

Subject:
CN=Colifile SLU, O=Colifile SLU, L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1D8228BD3D6A0EADA24B1453F4593406

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:0qiN9fMsQ9wNEDEnIfgfi8OI1UOtqbDAsGHeqZJiragSBmlvcAb+HP:0jXfMsQOKEWgfnFbq0HoOgcmeAS

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9824

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file z-zipsetup okay.exe has been seen being distributed by the following 5 URLs.

