home

z-journal.exe

Z-Journal

Andreas Baumann

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘z-journal’.
Publisher:
IMU - Andreas Baumann  (signed by Andreas Baumann)

Product:
Z-Journal

Description:
Z-DBackup Journal-View

Version:
3.00.0003

MD5:
969283c1dbf0202682a90430a173b542

SHA-1:
a1157ebd387fa8af4c3671c9c9b2146d2ac41338

SHA-256:
1af3cfd4e92174845276a0085f61341e79e01c9f67c41ecd5a1e33dcef839af6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 6:17:13 PM UTC  (today)

File size:
187.9 KB (192,392 bytes)

Product version:
3.00.0003

Copyright:
© A.Baumann 2006 - 2010

Original file name:
z-journal.exe

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\Program Files\z-journal\z-journal.exe

Digital Signature
Signed by:
Andreas Baumann

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
1/8/2010 1:00:00 AM

Valid to:
2/20/2011 12:59:59 AM

Subject:
CN=Andreas Baumann, OU=SECURE APPLICATION DEVELOPMENT, O=Andreas Baumann, L=Berlin, S=Berlin, C=DE

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
7C65C550EF3872A3BEFFAE18C4180614

File PE Metadata
Compilation timestamp:
7/15/2010 8:04:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:mOHDay8ij47pj1E6sVBNcdnFEhkoiz/dKBXuIU9m5DnzjfSN9H:zHxj4711OOdFEhkLDUBXem53bSN

Entry address:
0x36B0

Entry point:
B8, DC, 11, 48, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 83, 73, 6B, 8E, A5, 24, 48, 86, AE, 56, 13, 04, 58, 9F, 7C, 6E, 31, 56, CD, 5C, B8, DB, 7C, 6A, AA, 6D, 1B, 6B, C7, 60, D8, 11, F0, 89, E7, 95, A9, ED, 45, 7C, F8, 13, E1, 60, 0A, 9D, 6B, A1, CE, 46, DD, B9, E3, 6C, 1D, 12, EC, 57, 61, CC, F9, 8D, 0D, EB, 68, 01, D0, 83, A7, 48, AD, B6, ED, 98, 39, 43, A0, A8, D4, 7E, 33, 30, D4, CF, 9A, 73, BB, 4C, 48, 58, 59, 52, A8...
 
[+]

Packer / compiler:
PECompact v2

Code size:
464 KB (475,136 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
z-journal

Command:
C:\Program Files\z-journal\z-journal.exe


Scan z-journal.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.