» szninstall.exe
Overview
Analysis
File Details
Behaviors (1)

szninstall.exe

Seznam.cz, a.s.

The application szninstall.exe by Seznam.cz, a.s has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘seznam-listicka-distribuce’.

File name:

szninstall.exe

Publisher:

Seznam.cz, a.s. (signed and verified)

MD5:

007fedc6a4311f63180f8d3e04181b7b

SHA-1:

097901a4e22a91c1cf0c0578204c031d7b1cbfa7

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 9:32:33 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Seznam (M)

16.10.19.12

File size:

1.1 MB (1,187,288 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\seznam.cz\distribution\szninstall.exe

Digital Signature

Signed by:

Seznam.cz, a.s.

Authority:

Thawte, Inc.

Valid from:

3/30/2012 2:00:00 AM

Valid to:

4/5/2013 1:59:59 AM

Subject:

CN="Seznam.cz, a.s.", O="Seznam.cz, a.s.", L=Prague, S=Prague, C=CZ

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

21B58554A9C9CF7AFF175ED969E70001

File PE Metadata

Compilation timestamp:

9/13/2012 3:24:44 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:O4Djm0Qd66UGerG3fJctGgnT5dosLtXjF/Lwh2RZacW5Cvex:Oy9R2vmGoTXnfK2qZoq

Entry address:

0xFA000

Entry point:

90, B8, 2D, 91, AB, 09, 68, 1E, A0, 4F, 00, 5A, 90, 68, 98, 05, 00, 00, 5F, 31, 04, 3A, 90, 83, EF, 03, 4F, 90, 90, 75, F4, 90, 90, 90, C5, EC, AA, 09, 2D, 91, AB, 09, 2D, 91, EB, 09, CA, 3D, AE, 09, A5, F7, A4, 09, F5, FC, A4, 09, 2D, 21, A9, 09, 2C, 91, AB, 09, 49, E1, E2, 09, D9, CE, E7, 09, 2D, F1, E7, 09, 91, D6, A7, 09, DF, CE, A7, 09, D3, CE, A7, 09, 49, CF, A2, 09, DF, CE, A7, 09, D3, CE, A7, 09, 2D, 91, AB, 09, 2D, 91, AB, 09, 2D, 91, AB, 09, 2D, 91, AB, 09, 2D, 91, AB, 09, 2D, 91, AB, 09, 2D, 91... 
[+]

Code size:

598.5 KB (612,864 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

seznam-listicka-distribuce

Command:

"C:\Program Files\seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate

Remove szninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.