zipgames.exe

ZipArcade

The executable zipgames.exe has been detected as malware by 2 anti-virus scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from clmi.ziparcade.com and multiple other hosts.

Publisher: ZipArcade (signed and verified)

MD5: f3fa02ee18ec35f8402ee84c720a74b9

SHA-1: 40128db64fa309cba27c336024f06c7f28ade86a

SHA-256: 21cfaa422d1cfef570ccb5b0298b7c7490375ac69a974fdf26d225cd02417348

Scanner detections: 2 / 68

Status: Malware

Analysis date: 11/5/2024 6:31:10 PM UTC (today)

Scan engine | Detection | Engine version
Avira AntiVirus | W32/Ramnit.C | 7.11.30.172
Reason Heuristics | PUP.ZipArcade.Installer (M) | 16.2.19.20

File size: 86.2 KB (88,296 bytes)

File type: Executable application (Win32 EXE)

Installer: NSIS (Nullsoft Scriptable Install System)

Common path: C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\zipgames.exe

Digital Signature
Signed by:

Authority: thawte, Inc.

Valid from: 7/7/2015 5:00:00 PM

Valid to: 7/7/2016 4:59:59 PM

Subject: CN=ZipArcade, O=ZipArcade, L=Lake Forest, S=California, C=US

Issuer: CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number: 4B212C12DA0FC083320E605AE5843833

File PE Metadata
Compilation timestamp: 12/5/2009 2:50:46 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 6.0

CTPH (ssdeep): 1536:9QpQ5EP0ijnRTXJvz9POudw3zCvknW2oaNTsJ5GeXDmy4Df0qcM:9QIURTXJxPOQo2vmW2oaNTIrW0qcM

Entry address: 0x323C

Entry point: 81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
Entropy: 7.2226

Packer / compiler: Nullsoft install system v2.x

Code size: 23 KB (23,552 bytes)

The file zipgames.exe has been observed being distributed from the following 50 URLs.


Latest 30 of 158 download URLs
