» MemZilla.exe
Overview
Analysis
File Details
Programs (1)

MemZilla.exe

Dr.Salman's Window Power Tools - MemZilla

Dr Salman Zafar

The application MemZilla.exe by Dr Salman Zafar has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program MemZilla 2012 by Digital Millenium Inc.

File name:

MemZilla.exe

Publisher:

Digital Millenium Inc (signed by Dr Salman Zafar)

Product:

Dr.Salman's Window Power Tools - MemZilla

Description:

MemZilla

Version:

5.21.2012

MD5:

f49d6527adc31bee0dec24c59bbe37d5

SHA-1:

ebdbccd0be921b69f22adbd99514d87be2a36234

SHA-256:

eab624be61dad7919e4b13a2b1be82c4c6c13ac1480bf77b3994132d6375cadf

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 6:55:57 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.DrSalmanZafar (M)

15.10.12.7

File size:

419.3 KB (429,312 bytes)

Product version:

5.21.2012

Dr.Salman Zafar and Digital Millenium Inc.

Trademarks:

Dr.Salman's Window Power Tools and MemZilla

Original file name:

MemZilla.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\memzilla 2012\memzilla.exe

Digital Signature

Signed by:

Dr Salman Zafar

Authority:

COMODO CA Limited

Valid from:

5/2/2012 7:00:00 PM

Valid to:

5/3/2013 6:59:59 PM

Subject:

CN=Dr Salman Zafar, O=Dr Salman Zafar, STREET=8 Achilles Road, L=Coventry, S=West Midlands, PostalCode=CV6 7NH, C=GB

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

7BDC15504020A97470E73278B5718D59

File PE Metadata

Compilation timestamp:

5/13/2012 11:29:28 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:VPChILtGXMIwlmwZ3PdSVCjG40XyHvwoG7Wl:VKhILoXalmAPcVl4FYoGal

Entry address:

0x1000

Entry point:

68, 01, B0, 4C, 00, E8, 01, 00, 00, 00, C3, C3, 30, EA, ED, 4E, 87, ED, 15, 1D, 46, 54, 11, E9, 22, 69, 72, 5D, 21, 3C, D6, 45, 92, 10, 8F, F7, 0E, 48, 82, 39, 65, 1E, 1E, 48, DC, E4, E6, A9, 7A, F8, B6, AE, 46, FD, 9A, E1, D9, 28, 55, 15, C6, 15, C4, DB, D1, 55, D4, CE, 70, E8, 18, FD, CC, DA, 5F, 84, F3, 92, B2, 60, CB, 5C, 91, C2, 98, F7, CA, 86, C6, 0F, B4, F0, 5D, 5A, 3B, AC, 21, 93, B7, A9, 08, C1, 55, 4E, 3A, 7B, 9E, B4, 44, 6B, 8B, 2F, 0E, C1, 38, 4E, 76, AD, 8E, A1, 7A, EE, B4, 68, 83, 44, E7, 9B... 
[+]

Entropy:

7.9213

Packer / compiler:

ASProtect v1.2x (New Strain)

Code size:

772 KB (790,528 bytes)

The file MemZilla.exe has been discovered within the following program.

MemZilla 2012 by Digital Millenium Inc

dmisoftware.com

About 3% of users remove it

Remove MemZilla.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.