z-zipsetup.exe

Tocokacec

Colifile SLU

The application z-zipsetup.exe, “Tocokacec Setup” by Colifile SLU, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.presentguardrepository.com and multiple other hosts.
Publisher:
Migikot (signed by Colifile SLU)

Product:
Tocokacec

Description:
Tocokacec Setup

MD5:
c3424f263cec7744ff2a6ccd35963379

SHA-1:
8d11f407ba0f964ed095050aaadadc1caf17e5d0

SHA-256:
7a660c0c83606a264e622f7cc978d86f0f518ab8155413ce544ec2a04148d5b3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 6:38:48 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.1.30.17

File size:
1.2 MB (1,278,608 bytes)

Product version:
2.3

Copyright:
Software Wizard

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\z-zipsetup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/10/2016 8:00:00 PM

Valid to:
10/11/2017 7:59:59 PM

Subject:
CN=Colifile SLU, O=Colifile SLU, L=Guia de Isora, S=Santa Cruz de tenerife, C=ES

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
49CD71FF859D6286E6645494BEFAC296

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9843

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file z-zipsetup.exe has been seen being distributed by the following 11 URLs.
