home

seznam.cz.exe

Seznam.cz, a.s.

The application seznam.cz.exe by Seznam.cz, a.s has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address srank.seznam.cz on port 443.
Publisher:
Seznam.cz, a.s.  (signed and verified)

MD5:
523b34195ea1aa4f6f4417567966df48

SHA-1:
c436217ad27ef330c2811b91d6304c98574be0f2

SHA-256:
f8c732b33e491a25a71da07eae8c9b97e9e2679c52026b6ee709c4b89f78626c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 2:56:54 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Seznam (M)
16.10.19.12

File size:
1 MB (1,054,904 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\seznam browser\seznam.cz.exe

Digital Signature
Signed by:
Seznam.cz, a.s.

Authority:
thawte, Inc.

Valid from:
4/6/2016 2:00:00 AM

Valid to:
4/10/2017 1:59:59 AM

Subject:
CN="Seznam.cz, a.s.", O="Seznam.cz, a.s.", L=Praha 5, S=Praha 5, C=CZ

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6B57C0310010618229A5DBCF37838A9F

File PE Metadata
Compilation timestamp:
7/14/2016 5:06:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:T1Oh2aygHznXwDsmgn4WPdI6Vvfccu077kJuqqU32f9w6/3VmRsb2:T1Oh2alHzYsj4gFfccGH3yJVmRO2

Entry address:
0x68C0E

Entry point:
E8, 80, D0, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 53, 56, 8B, 4C, 24, 0C, 8B, 54, 24, 10, 8B, 5C, 24, 14, F7, C3, FF, FF, FF, FF, 74, 51, 2B, CA, F7, C2, 03, 00, 00, 00, 74, 18, 0F, B6, 04, 0A, 3A, 02, 75, 48, 85, C0, 0F, 44, D8, 42, 83, EB, 01, 76, 34, F6, C2, 03, 75, E8, 8D, 04, 0A, 25, FF, 0F, 00, 00, 3D, FC, 0F, 00, 00, 77, D9, 8B, 04, 0A, 3B, 02, 75, D2, 83, EB, 04, 76, 14, 8D, B0, FF, FE, FE, FE, 83, C2, 04, F7, D0, 23, C6, A9, 80, 80, 80, 80, 74, D1, 33, C0, 5E, 5B, C3, 8D, 64...
 
[+]

Code size:
647 KB (662,528 bytes)

Shell Open Command
Open type:
ftp

Command:
"C:\users\{user}\appdata\roaming\seznam browser\seznam.cz.exe" -surl="%1"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to zeptejsekrastyho.seznam.cz  (77.75.79.61:443)

TCP (HTTP SSL):
Connects to srank.seznam.cz  (77.75.77.66:443)

TCP (HTTP SSL):
Connects to download.seznam.cz  (77.75.77.38:443)

TCP (HTTP SSL):
Connects to h.imedia.cz  (77.75.77.9:443)

TCP (HTTP SSL):
Connects to fimg-resp.seznam.cz  (77.75.79.126:443)

TCP (HTTP SSL):
Connects to 10.im.cz  (77.75.78.19:443)

TCP (HTTP SSL):
Connects to software.seznam.cz  (77.75.79.37:443)

TCP (HTTP SSL):
Connects to login.szn.cz  (77.75.78.55:443)

TCP (HTTP SSL):
Connects to geo.seznam.cz  (77.75.78.146:443)

TCP (HTTP SSL):
Connects to email.seznam.cz  (77.75.76.150:443)

TCP (HTTP SSL):
Connects to ad.seznam.cz  (77.75.78.72:443)

TCP (HTTP SSL):
Connects to tags.expo9.exponential.com  (204.11.109.77:443)

TCP (HTTP SSL):
Connects to sync.software.seznam.cz  (77.75.79.134:443)

TCP (HTTP):
Connects to server-52-85-184-237.fra2.r.cloudfront.net  (52.85.184.237:80)

TCP (HTTP SSL):
Connects to sdn.szn.cz  (77.75.76.182:443)

TCP (HTTP):
Connects to msnbot-207-46-194-10.search.msn.com  (207.46.194.10:80)

TCP (HTTP SSL):
Connects to ls3.host.hit.gemius.pl  (137.74.1.65:443)

TCP (HTTP SSL):
Connects to i.im.cz  (77.75.78.2:443)

TCP (HTTP):
Connects to ec2-54-76-135-7.eu-west-1.compute.amazonaws.com  (54.76.135.7:80)

TCP (HTTP SSL):
Connects to assigned-81-0-212-209.casablanca.cz  (81.0.212.209:443)

Remove seznam.cz.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.