z-zipsetup.exe

Gehapak

Colifile SLU

The application z-zipsetup.exe, “Gehapak Setup” by Colifile SLU has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.bestfarmclear.com and multiple other hosts.
Publisher:
Hubeton (signed by Colifile SLU)

Product:
Gehapak

Description:
Gehapak Setup

Version:
3.3.5.1

MD5:
d8ad649d6d107303694d8140d23d4d88

SHA-1:
8fc45b2b51f72c10f8a1a8292449524357ceb580

SHA-256:
58c22178e4f14eff3c06945f8fb44e3e7c62233ab3af231c985915b9a4fbc304

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:27:24 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
16.11.14.8

File size:
1.5 MB (1,528,544 bytes)

Product version:
5.7.6

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\z-zipsetup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
11/18/2015 7:00:00 PM

Valid to:
11/18/2016 6:59:59 PM

Subject:
CN=Colifile SLU, O=Colifile SLU, L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1D8228BD3D6A0EADA24B1453F4593406

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:SiiMAeKCsoF+h4dTShaN1Xdo53UwBKmk+wz2ssIZ0OpeCj6lvcAb+Hw:SL/eD1FM4dPbdo53XcHdCSpeCj6eAp

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9896

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file z-zipsetup.exe has been seen being distributed by the following 8 URLs.

