z-zipsetup.exe

Locenohir

Colifile SLU

The application z-zipsetup.exe, “Locenohir Setup” by Colifile SLU, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.bestfarmclear.com and multiple other hosts.
Publisher:
Cenadupusi (signed by Colifile SLU)

Product:
Locenohir

Description:
Locenohir Setup

MD5:
0ecb7ebfe48ad47626ff7567cd12d814

SHA-1:
4a99040ffd10314d0afda0705423d34b140722e6

SHA-256:
eb7c7ba8ce7bc250aa18f690e010efa7cd712cfada2e5f2419643432a937c923

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:57:33 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
16.11.8.5

File size:
1.2 MB (1,251,376 bytes)

Product version:
3.8.7

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\z-zipsetup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
11/18/2015 6:00:00 PM

Valid to:
11/18/2016 5:59:59 PM

Subject:
CN=Colifile SLU, O=Colifile SLU, L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1D8228BD3D6A0EADA24B1453F4593406

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:6BL/5DpXO+rOrmZintUsXNE1TSCIWiFjVy4kcOhX+V1XZxlvcAb+H/:6lRDpXO+KU0tpNEVSH5FjrOa5eAE

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file z-zipsetup.exe has been seen being distributed by the following 11 URLs.

