zp861free.exe

Inmatrix LTD

The application zp861free.exe by Inmatrix has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from global-shared-files-l3.softonic.com and multiple other hosts.
Publisher:
Inmatrix LTD  (signed and verified)

MD5:
6eebdbd03804dd38ec76bf85660a91d2

SHA-1:
95656e3c656ec72fc53946d250fc7e2eab4655ca

SHA-256:
2c74e611d2e023b33ed8f544065aa17e8917fa45418215ae31f19bef43933a9c

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/25/2024 2:56:41 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Inmatrix.J
14.4.13.17

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
23.00.65.14212

File size:
7.5 MB (7,825,968 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/26/2012 1:00:00 AM

Valid to:
11/27/2015 12:59:59 AM

Subject:
CN=Inmatrix LTD, OU=Zoom Player, O=Inmatrix LTD, POBox=9436, STREET=1 Hagefen st., L=Haifa, S=Northern Israel, PostalCode=31094, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CADC0D3D5A82BDE1327BAF171510D19D

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:2AbKHrnyns8o+OuiwEq2VB0P+tXUV+NmPeSU8NAVV:pSWJJid/BLj+e+8

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Code size:
23 KB (23,552 bytes)

The file zp861free.exe has been seen being distributed by the following 5 URLs.

Remove zp861free.exe - Powered by Reason Core Security