» tzwljzeqme.exe
Overview
Analysis
File Details

tzwljzeqme.exe

Goobzo LTD

The application tzwljzeqme.exe by Goobzo has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory.

File name:

tzwljzeqme.exe

Publisher:

Goobzo LTD (signed and verified)

Version:

1.34.6.10

MD5:

8dcec474d00d7bd33fe3f0cd47f0eecd

SHA-1:

5429bf5c13b7475df7896d5e2a1caa72fde92c0f

SHA-256:

bf8de9be756c033c7a5e720efbb0fdfd5b7ba264da327334aa10648ce6228afa

Scanner detections:

11 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/24/2024 4:59:07 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.MulDrop

2014.06.24

AVG

Skodna

2016.0.3159

Dr.Web

Trojan.Crossrider.17413

9.0.1.084

ESET NOD32

JS/Toolbar.Crossrider

9.9986

G Data

Script.Application.Plush

15.3.24

IKARUS anti.virus

AdWare.CrossRider

t3scan.1.6.1.0

Malwarebytes

PUP.Optional.crossRider.A

v2015.03.25.08

NANO AntiVirus

Riskware.Nsis.Downware.yrefc

0.28.0.60253

Reason Heuristics

PUP.Installer.Goobzo

15.3.25.20

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.15323

VIPRE Antivirus

Goobzo

30574

File size:

9.3 MB (9,741,336 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\tzwljzeqme.exe

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/1/2013 7:00:00 PM

Valid to:

5/2/2015 6:59:59 PM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

12/4/2012 7:55:02 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

196608:V5wcRHNPHUwR5+PPi01mPc06c4wV8QWv5JKFW3rIT2mbCNUg/gwpP:fwcRtvnb+C0m1hk7Kw3r7mbg/t

Entry address:

0x4323

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7... 
[+]

Entropy:

7.9990 (probably packed)

Code size:

34.5 KB (35,328 bytes)

Remove tzwljzeqme.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.