EzQ.exe

EzQ Messenger 2009

EZNIX Inc.

It is set to execute automatically when any user logs into Windows (through the all-users Run registry key) under the name ‘JBEdu Messenger’.
Publisher:
EZNIX. Inc  (signed by EZNIX Inc.)

Product:
EzQ Messenger 2009

Version:
6.0.6.835

MD5:
4803c13c67c0b0fee64f74bc2ff8343d

SHA-1:
26623c708b0de5cbb64fb766f006bdfe13dc6c5d

SHA-256:
0f64029ec6fd4d46457b451cc42d805e2bab9c764873d4d0390cca0ea68e08c9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 10:22:34 PM UTC

File size:
9.4 MB (9,893,968 bytes)

Product version:
6.0.4.0

Copyright:
EZNIX. Inc

Trademarks:
EzQ Messenger 2009

Original file name:
EzQ.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/16/2012 9:00:00 AM

Valid to:
12/10/2014 8:59:59 AM

Subject:
CN=EZNIX Inc., O=EZNIX Inc., L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73E78017A7BF71B6762A603DC41FB6B5

File PE Metadata
Compilation timestamp:
7/7/2014 1:43:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:prp2WeFuKOeE8b9YeC7ynl8Q7mGbl3Bp+rTtXTwCeAky0TqQSJS9fKzzzzzzzzzX:RKOeEo87ol8Q7m23B0F3jz

Entry address:
0x507AD0

Entry point:
55, 8B, EC, B9, 0B, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, B8, AC, 2D, 90, 00, E8, 00, 06, B0, FF, 33, C0, 55, 68, AD, 7D, 90, 00, 64, FF, 30, 64, 89, 20, 8D, 55, EC, B8, 01, 00, 00, 00, E8, 4D, B9, AF, FF, 8B, 45, EC, BA, C4, 7D, 90, 00, E8, 3C, E0, AF, FF, 75, 46, A1, 40, 4D, 92, 00, 8B, 00, E8, 56, 01, B8, FF, A1, 40, 4D, 92, 00, 8B, 00, BA, D4, 7D, 90, 00, E8, FD, FB, B7, FF, 8B, 0D, 44, 4A, 92, 00, A1, 40, 4D, 92, 00, 8B, 00, 8B, 15, A0, 9E, 8B, 00, E8, 45, 01, B8, FF, A1, 40, 4D, 92, 00...
 

Entropy:
6.4652

Developed / compiled with:
Microsoft Visual C++

Code size:
5 MB (5,271,552 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
JBEdu Messenger

Command:
"C:\jbedu messenger\ezq.exe"

