z-zipsetup.exe

Habuseb

Colifile SLU

The application z-zipsetup.exe, “Habuseb Setup” by Colifile SLU, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.presentguardrepository.com and multiple other hosts.
Publisher:
Colifile SLU  (signed and verified)

Product:
Habuseb

Description:
Habuseb Setup

MD5:
668a997fba4778fce4c42212bdb03c3e

SHA-1:
23566d8e1209cfe807c4b7d0b3c2bdc13d0182c9

SHA-256:
8e3b0d19bf5e0acad6da9379ac8c77e477acf504eeaf450e39144adde648ec1d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:36:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.2.3.7

File size:
1.2 MB (1,264,392 bytes)

Product version:
2.8.2

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\z-zipsetup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/10/2016 8:00:00 PM

Valid to:
10/11/2017 7:59:59 PM

Subject:
CN=Colifile SLU, O=Colifile SLU, L=Guia de Isora, S=Santa Cruz de tenerife, C=ES

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
49CD71FF859D6286E6645494BEFAC296

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, 74, F6, FF, FF, 8B, 55...
 

Entropy:
7.9842

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file z-zipsetup.exe has been seen being distributed by the following 9 URLs.

