loader64.exe

ExploitShield

ZeroVulnerabilityLabs, Inc.

It runs as a scheduled task named ExploitShield under the Windows Task Scheduler, triggered to execute each time a user logs in. It is installed with ZeroVulnerabilityLabs ExploitShield version 0.8.1 beta.
Publisher:
ZeroVulnerabilityLabs, Inc.  (signed and verified)

Product:
ExploitShield

Description:
ExploitShield Loader

Version:
0.8.0.1

MD5:
ea065444df2c19787a56d36a09a71646

SHA-1:
20cc0001144d56c8d93dbd5290b68dc7cadb7fcb

SHA-256:
a0056dd9e7e0d07c0be3a231f26974a1e3f3711e2e66c3f9efa2e53cefc04a00

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 7:18:35 PM UTC

File size:
56.2 KB (57,560 bytes)

Product version:
0.8.0.1

Copyright:
(c) 2012 ZeroVulnerabilityLabs, Inc.

Original file name:
Loader

File type:
Executable application (Win64 EXE)

Language:
English

Common path:
C:\Program Files\zerovulnerabilitylabs\exploitshield\loader64.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
5/29/2012 1:00:00 AM

Valid to:
6/3/2013 1:00:00 PM

Subject:
CN="ZeroVulnerabilityLabs, Inc.", O="ZeroVulnerabilityLabs, Inc.", L=San Jose, S=California, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07CA76C80E17FD2CA42587E9B14D22CE

File PE Metadata
Compilation timestamp:
11/30/2012 1:09:25 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
384:UFv0UqBQsgFmnli+xxAxL3x0gh/h2KOej98/nXQvgQUqW2SGtaTnGYZyNzOzQkx/:sq/Xnl1a2KO+ivQzUTOm53O7ukZKgrCP

Entry address:
0x2C10

Entry point:
48, 83, EC, 28, E8, 07, 0F, 00, 00, E8, 12, 00, 00, 00, 48, 83, C4, 28, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 83, EC, 68, 48, C7, 44, 24, 40, 00, 00, 00, 00, E8, FE, 01, 00, 00, 48, 8B, 40, 08, 48, 89, 44, 24, 38, C7, 44, 24, 30, 00, 00, 00, 00, 48, 8B, 44, 24, 38, 48, 89, 44, 24, 58, 48, 8D, 0D, C4, 8A, 00, 00, 33, C0, 48, 8B, 54, 24, 58, F0, 48, 0F, B1, 11, 48, 89, 44, 24, 40, 48, 83, 7C, 24, 40, 00, 74, 23, 48, 8B, 44, 24, 38, 48, 39, 44, 24, 40, 75, 0A, C7, 44, 24, 30, 01, 00, 00...
 

Entropy:
4.6501

Code size:
24 KB (24,576 bytes)

Scheduled Task
Task name:
ExploitShield

Trigger:
Logon (Runs on logon)


The file loader64.exe has been discovered within the following program.

Publisher's description - “Every week new financial, state-sponsored and commercial espionage targeted attacks are discovered. These sophisticated advanced persistent threats use arsenals of vulnerability exploits that are weaponized to steal confidential information and trade secrets.”
www.zerovulnerabilitylabs.com
About 13% of users remove it
 