zaxarsetup.4.001.29.exe

ZAXAR LTD

The application zaxarsetup.4.001.29.exe, published by ZAXAR LTD, has been detected as adware by 18 of the 68 anti-malware scanners run against it; several engines (ESET, Fortinet, Reason) name it by the ZaxarGames family. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer and is typically run from the user's temporary directory. The file has been seen being downloaded from mediamagnet.cc and other hosts. It carries a valid Authenticode signature from ZAXAR LTD on a VeriSign-issued certificate (details below); a valid signature identifies the publisher but does not mean the program is wanted or safe.
Publisher:
ZAXAR LTD  (signed and verified)

MD5:
3f177d822d3b87db47df9d59bb4eb23b

SHA-1:
f6e6a037ca05b04cac97117d86a56bcb0a055799

SHA-256:
3f095707b4cacf54b759d0fa1efa649fb6ce7d28d775e0152befda13c1c2f914

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
11/15/2024 9:16:35 AM UTC

Scan engine             Detection                   Engine version
Lavasoft Ad-Aware       Gen:Variant.Graftor.146416  919
Agnitum Outpost         Riskware.Agent              7.1.1
avast!                  Win32:PUP-gen [PUP]         2014.9-140731
Bitdefender             Gen:Variant.Graftor.146416  1.0.20.1060
Comodo Security         UnclassifiedMalware         19008
Dr.Web                  Trojan.DownLoader11.3101    9.0.1.0212
Emsisoft Anti-Malware   Gen:Variant.Graftor.146416  8.14.07.31.04
ESET NOD32              Win32/ZaxarGames (variant)  8.10168
Fortinet FortiGate      Riskware/ZaxarGames         7/31/2014
F-Secure                Gen:Variant.Graftor.146416  11.2014-31-07_5
G Data                  Gen:Variant.Graftor.146416  14.7.24
McAfee                  Artemis!3F177D822D3B        5600.7053
MicroWorld eScan        Gen:Variant.Graftor.146416  15.0.0.636
Panda Antivirus         Trj/CI.A                    14.07.31.04
Reason Heuristics       PUP.Installer.ZAXAR.Q       14.7.31.4
Sophos                  Generic PUA GG              4.98
Trend Micro House Call  Suspicious_GEN.F47V0721     7.2.212
VIPRE Antivirus         Trojan.Win32.Generic        31708

File size:
531.7 KB (544,480 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\zaxarsetup.4.001.29.exe

Digital Signature
Signed by:
ZAXAR LTD
Authority:
VeriSign, Inc.

Valid from:
6/25/2014 4:00:00 AM

Valid to:
11/9/2015 3:59:59 AM

Subject:
CN=ZAXAR LTD, OU=IT, O=ZAXAR LTD, L=Limassol, S=Limassol, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7B2994888FDF0C08A357CC9C600C2C4D

File PE Metadata
Compilation timestamp:
12/25/2013 9:01:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:zIkeizLLXazoos5Bcg62hW7ZBtU/7K+rc:L7K05BcgPW77W/7K1

Entry address:
0x3229

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 14, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 1C, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 58, 4F, 43, 00, E8, 9F, 2E, 00, 00, A3, A4, 4E, 43, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, B8, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, A0, 3E, 43, 00, E8, 0A, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, F8, 2A, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)
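
The hashes, PE header values and installer type listed above are the indicators a practitioner would use to confirm that a file on disk is this sample. The following script is an added example for this page, not part of the original report or of any ZAXAR or Reason Core tooling. It recomputes the MD5, SHA-1 and SHA-256, reads the PE32 header fields the report shows (compile timestamp, entry address, linker and OS version, subsystem, code size) with struct rather than a PE library, and looks for the NSIS "NullsoftInst" data marker. Because the real installer is not reproduced here, the script builds a constructed PE32 stub that carries the report's header values; its hashes will of course not match the report, which is exactly what the mismatch output shows.

```python
"""Triage a sample against the indicators in this report.

Added example, not part of the original report.  The PE32 stub built by
build_sample() is constructed for demonstration and is not the real
zaxarsetup.4.001.29.exe.
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the report above; subsystem 2 is IMAGE_SUBSYSTEM_WINDOWS_GUI.
REPORT = {
    "md5": "3f177d822d3b87db47df9d59bb4eb23b",
    "sha1": "f6e6a037ca05b04cac97117d86a56bcb0a055799",
    "sha256": "3f095707b4cacf54b759d0fa1efa649fb6ce7d28d775e0152befda13c1c2f914",
    "size": 544480,
    "entry_point": 0x3229,
    "linker_version": "6.0",
    "os_version": "4.0",
    "subsystem": 2,
    "code_size": 25088,
    "nsis": True,
}

# NSIS writes this magic value and string at the start of its install data block.
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1, SHA-256 and size, the identifiers the report uses for the file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def parse_pe_header(data: bytes) -> dict:
    """Read the PE32 COFF/optional header fields the report lists; raise on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                        # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 image (magic 0x%x)" % magic)
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint (RVA)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine,
        "timestamp": timestamp,
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem": subsystem,
        "entry_point": entry_point,
        "code_size": code_size,
    }


def check_against_report(data: bytes, report: dict = REPORT) -> dict:
    """Return {field: (reported, observed)} for every indicator that does not match."""
    observed = file_hashes(data)
    observed.update(parse_pe_header(data))
    observed["nsis"] = NSIS_MARKER in data
    return {k: (v, observed.get(k)) for k, v in report.items() if observed.get(k) != v}


def build_sample() -> bytes:
    """Constructed PE32 stub carrying the report's header values; not the real binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew: PE header right after DOS header
    # i386, 3 sections, TimeDateStamp 2013-12-25 09:01:44 UTC, 0xE0-byte optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 1387962104, 0, 0, 0xE0, 0x010F)
    opt = bytearray(0xE0)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 6, 0, 25088)    # PE32 magic, linker 6.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x3229)                  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)                   # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                       # Windows GUI subsystem
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + b"\0" * 64 + NSIS_MARKER + b"\0" * 64


if __name__ == "__main__":
    # With a path argument, triage that file; otherwise run on the constructed stub.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for field, (want, got) in sorted(check_against_report(blob).items()):
        print("MISMATCH %-12s reported=%r observed=%r" % (field, want, got))
```

Run without arguments, the stub matches every header indicator and mismatches only on the four hash/size fields, which is the point: header metadata and the NSIS marker identify a family of builds, while the three hashes identify exactly this file (McAfee's Artemis!3F177D822D3B name is simply the MD5 prefix). The Authenticode signer fields (subject, issuer, serial number) are not parsed here; on Windows, PowerShell's Get-AuthenticodeSignature shows them for a file on disk.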

The file zaxarsetup.4.001.29.exe has been seen being distributed from 2 URLs, one of them hosted on mediamagnet.cc.

Remove zaxarsetup.4.001.29.exe - Powered by Reason Core Security