addon.exe

Zillya!Antivirus Downloader

ALLIT Service, LLC.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ZAV Downloader’.
Publisher:
ALLIT Service, LLC.  (signed and verified)

Product:
Zillya!Antivirus Downloader

Description:
Downloader for Zillya! Antivirus

Version:
1.0.0.0

MD5:
17cef39909a4d6634e92ccb99fa18a6d

SHA-1:
87ed9368c92cea470c279af057cb94979cdb5c1e

SHA-256:
d69bd743fa30350d2b9c57fab0480ee540e3a61700a343a7576cd217645b2e18

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 9:35:13 PM UTC  (today)

File size:
986 KB (1,009,696 bytes)

Product version:
1.0.0.0

Copyright:
(c) 2009 - 2012 ALLIT Service, LLC. All rights reserved.

Original file name:
ZillyaDownloader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\addon.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/4/2013 4:00:00 AM

Valid to:
7/5/2014 3:59:59 AM

Subject:
CN="ALLIT Service, LLC.", O="ALLIT Service, LLC.", STREET="Observatornaya st., 23, apt. 17", L=Kyiv, S=Kyivska, PostalCode=04053, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F11A5E458C5FF44BEE23F0E59EA67D0C

File PE Metadata
Compilation timestamp:
7/9/2013 1:52:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:d/pVOw8EEgVci8ycDHOuEX6ml4eqBDp5k:1pVgEEdi8yAXY6uO4

Entry address:
0x1C7B20

Entry point:
60, BE, 00, 00, 53, 00, 8D, BE, 00, 10, ED, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
608 KB (622,592 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ZAV Downloader

Command:
C:\users\{user}\appdata\local\temp\addon.exe -bad

