» z-journal.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

z-journal.exe

Z-Journal

Andreas Baumann

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘z-journal’.

File name:

z-journal.exe

Publisher:

IMU - Andreas Baumann (signed by Andreas Baumann)

Product:

Z-Journal

Description:

Z-Software Journal-View

Version:

3.09.0008

MD5:

749d0df5595f8cb31ca41117b8ce53fb

SHA-1:

af2e59c54c29f0674320319408475e1dfcc9b724

SHA-256:

bc7bc63e22abf24948dc1b6c3c1756557d34ac06932b28c0ef5a45b0dbb042d9

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

5/20/2024 1:53:01 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.VbCrypt.250

9.0.1.05190

File size:

257.8 KB (264,008 bytes)

Product version:

3.09.0008

Original file name:

z-journal.exe

File type:

Executable application (Win32 EXE)

Language:

German (Germany)

Common path:

C:\Program Files\z-journal\z-journal.exe

Digital Signature

Signed by:

Andreas Baumann

Authority:

thawte, Inc.

Valid from:

1/26/2016 5:30:00 AM

Valid to:

1/26/2018 5:29:59 AM

Subject:

CN=Andreas Baumann, OU=Individual Developer, O=No Organization Affiliation, L=Berlin, S=Berlin, C=DE

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

5B623EB5661DA225ACC9DBC31DF9180A

File PE Metadata

Compilation timestamp:

1/7/2017 4:28:58 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x448C

Entry point:

B8, F8, BC, 4B, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, A1, BA, AC, B5, BB, 99, 13, BE, 9E, BB, B8, 4E, D8, F4, 9B, B6, 83, 51, 6A, A5, 73, EA, 18, 01, D2, 62, 5B, 0A, 7C, 0D, ED, 04, 05, E8, 6F, A7, 05, DC, 01, 67, 90, 8F, E7, 87, 25, F7, 03, AC, E7, 01, A2, 2D, C1, 19, 70, 5A, 9F, 40, E1, BE, D2, 19, 4F, A1, 38, 0D, 3C, DD, E3, D0, 35, FB, 8E, BA, 94, 6E, 11, 3B, AA, 36, 5A, 31, 80, F0, 82, 76, 56, 71, CB, 1C, 5C, B9, 72... 
[+]

Entropy:

7.3847

Packer / compiler:

PECompact v2

Code size:

524 KB (536,576 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

z-journal

Command:

C:\Program Files\z-journal\z-journal.exe

The file z-journal.exe has been discovered within the following program.

Z-DBackup by IMU Andreas Baumann

www.z-dbackup.de.de

About 6% of users remove it

Scan z-journal.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.