home

kb00320597.exe

Zello

Zello Inc

The executable kb00320597.exe has been detected as malware by 8 anti-virus scanners.
Publisher:
Zello Inc

Product:
Zello

Version:
1, 43, 0, 0

MD5:
4e5ed396ae0621fa9c19eb88ff4054a6

SHA-1:
febfdf2d79fbc71bcf455107fce27025688d0a22

SHA-256:
c6c0596e66c51ed456cbe07bf58a101fd2c4d85edd6f17ff1236080594b8aa55

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
4/25/2024 2:21:22 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Wiroled.A.17
7.11.173.100

ESET NOD32
Win32/Injector.BMCU (variant)
8.10442

Kaspersky
Trojan.Win32.Yakes
15.0.0.494

Malwarebytes
Trojan.Ransom.ED
v2014.09.19.10

McAfee
Artemis!4E5ED396AE06
5600.7002

Panda Antivirus
Trj/Chgt.G
14.09.19.10

Qihoo 360 Security
Win32/Trojan.Multi.daf
1.0.0.1015

Sophos
Troj/Wonton-HQ
4.98

File size:
246.5 KB (252,416 bytes)

Product version:
1, 43, 0, 0

Copyright:
Copyright © 2007-2014 Zello Inc

Original file name:
Zello.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\kb00320597.exe

File PE Metadata
Compilation timestamp:
9/18/2014 11:43:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:FFsIC7EhwmQygp0WvdYw/+BR1GntfTk+Q2kjjsv6nXRQPxbyedWyp6KTVprEAm5D:FFsIvP4bvttf486nhQPhyilIAmViS

Entry address:
0x419C

Entry point:
E8, 12, 61, 00, 00, E9, 1E, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 28, 33, C0, 53, 8B, 5D, 0C, 56, 8B, 75, 10, 57, 8B, 7D, 08, 88, 45, F8, 88, 45, F9, 88, 45, FA, 88, 45, FB, 88, 45, FC, 88, 45, FD, 88, 45, FE, 88, 45, FF, 39, 05, 58, 40, 43, 00, 74, 0E, FF, 35, 08, 5C, 43, 00, E8, D1, 5A, 00, 00, 59, EB, 05, B8, 44, A3, 40, 00, 8B, 4D, 14, BA, A6, 00, 00, 00, 3B, CA, 0F, 8F, 74, 01, 00, 00, 0F, 84, 5B, 01, 00, 00, 83, F9, 19, 0F, 8F, F8, 00, 00, 00, 0F, 84, E9, 00, 00, 00, 8B, D1, 6A, 02, 59, 2B, D1, 0F...
 
[+]

Entropy:
4.7760

Code size:
75.5 KB (77,312 bytes)

Remove kb00320597.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.