onehepmzaw.exe

It runs as a separate Windows service named “onehEpMZAw”, within the context of its own process.
MD5:
92a206135f49462c051f87d304b64c23

SHA-1:
dbe47f133729031d4e62342081b481e7b211188e

SHA-256:
df1e83e1c9c29272522b64bbeec3955cc81ee8cc6f7968fae7cb47ade5c4e4d7

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/23/2024 7:27:31 PM UTC

Scan engine          Detection            Engine version
Avira AntiVirus      TR/Trash.Gen         8.3.2.2
IKARUS anti.virus    PUA.SearchProtect    t3scan.1.9.5.0

File size:
2.6 MB (2,733,552 bytes)

File type:
Executable application (Win16 EXE)

Common path:
C:\ProgramData\izhywkaw\onehepmzaw.exe

File PE Metadata
Compilation timestamp:
2/19/2015 11:07:24 PM

OS version:
4.0

OS bitness:
Win16

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x29B04E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9995

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.6 MB (2,724,352 bytes)

Service
Display name:
onehEpMZAw

Type:
Win32OwnProcess

Depends on:
Winmgmt, CryptSvc


Scan onehepmzaw.exe - Powered by Reason Core Security