loader32.exe

ExploitShield

ZeroVulnerabilityLabs, Inc.

It runs as a scheduled task named ExploitShield under the Windows Task Scheduler, triggered to run automatically when the computer boots. It is installed with ZeroVulnerabilityLabs ExploitShield version 0.8.1 beta.

Publisher:
ZeroVulnerabilityLabs, Inc.  (signed and verified)

Product:
ExploitShield

Description:
ExploitShield Loader

Version:
0.9.0.1

MD5:
f4b69b02820d5a5883be262c5f90724a

SHA-1:
ceb4dcd162fc5a96d2ee872d40a4fbc124905acd

SHA-256:
e4a5d6dfdd7a6a929875e7a9fc8fe6008dde1229a9e23d0a1b5fd3c7b072cd5c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 4:26:33 AM UTC  (today)

File size:
45.2 KB (46,296 bytes)

Product version:
0.9.0.1

Copyright:
(c) 2012 ZeroVulnerabilityLabs, Inc.

Original file name:
Loader

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\zerovulnerabilitylabs\exploitshield\loader32.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
5/29/2012 2:00:00 PM

Valid to:
6/3/2013 2:00:00 PM

Subject:
CN="ZeroVulnerabilityLabs, Inc.", O="ZeroVulnerabilityLabs, Inc.", L=San Jose, S=California, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07CA76C80E17FD2CA42587E9B14D22CE

File PE Metadata
Compilation timestamp:
3/28/2013 1:33:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
384:OemFwQS6Rvd7RyxwiHeBcdtfwOYH896vKwUbki4+UqGDtY6l1Z9mTklsbZs03PKG:OVy6RvVR8dtj9QBUFAjDC6lhukaKgoQ

Entry address:
0x110B4

Entry point:
E9, 17, 21, 00, 00, E9, A2, 1F, 00, 00, E9, 11, 3D, 00, 00, E9, 78, 13, 00, 00, E9, 5B, 3D, 00, 00, E9, C2, 1F, 00, 00, E9, 49, 1D, 00, 00, E9, 6C, 1F, 00, 00, E9, AF, 24, 00, 00, E9, D0, 3C, 00, 00, E9, 3D, 34, 00, 00, E9, B6, 1F, 00, 00, E9, 51, 3D, 00, 00, E9, D2, 36, 00, 00, E9, 9B, 1F, 00, 00, E9, F4, 3C, 00, 00, E9, 3D, 1C, 00, 00, E9, C2, 2D, 00, 00, E9, 1D, 1F, 00, 00, E9, B8, 34, 00, 00, E9, 6B, 1C, 00, 00, E9, 0C, 3D, 00, 00, E9, C5, 3C, 00, 00, E9, 5E, 30, 00, 00, E9, BF, 1E, 00, 00, E9, 4A, 2A...
 

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
19.5 KB (19,968 bytes)

2 Scheduled Tasks
Task name:
ExploitShield

Trigger:
Logon (Runs on logon)

Action:
loader32.exe C:\Program Files\zerovulnerabilitylabs\exploitshie

Task name:
ExploitShield

Path:
C:\WINDOWS\Tasks\ExploitShield.job

Trigger:
Boot (Runs on boot)


The file loader32.exe has been discovered within the following program.

Publisher's description - “Every week new financial, state-sponsored and commercial espionage targeted attacks are discovered. These sophisticated advanced persistent threats use arsenals of vulnerability exploits that are weaponized to steal confidential information and trade secrets.”
www.zerovulnerabilitylabs.com
About 13% of users remove it
 