home

z-journal.exe

Z-Journal

Andreas Baumann

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘z-journal’.
Publisher:
IMU - Andreas Baumann  (signed by Andreas Baumann)

Product:
Z-Journal

Description:
Z-DBackup Journal-View

Version:
1.08

MD5:
0710af847bb5810198e54181a552f81c

SHA-1:
ee209e267c942b11a5b83df36c62517073ff5c40

SHA-256:
896f42f69c228897a4244464a5a3cfde117a4373fe80ef38379e562ad4793b17

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 4:51:58 AM UTC  (today)

File size:
125.5 KB (128,504 bytes)

Product version:
1.08

Copyright:
© A.Baumann 2006 - 2007

Original file name:
z-journal.exe

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\Program Files\z-journal\z-journal.exe

Digital Signature
Signed by:
Andreas Baumann

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/20/2007 1:00:00 AM

Valid to:
2/21/2008 12:59:59 AM

Subject:
CN=Andreas Baumann, OU=Secure Application Development, O=Andreas Baumann, L=Berlin, S=Berlin, C=DE

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
57269B1165A4897443A15D66516A70D8

File PE Metadata
Compilation timestamp:
11/26/2007 3:09:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:Hefp7OyZjGyu3UlRV98nIwWP4wyALJ316Snj:QpRGd3U8nIr4k

Entry address:
0x25D8

Entry point:
B8, 08, C0, 45, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 02, BB, A6, 98, 4C, 88, AD, 48, FE, 00, 8D, 41, 3D, 03, 62, CB, A1, 97, D6, DB, E3, 33, A3, FA, 83, 6C, 43, F5, 73, 3D, AF, 16, 71, 9D, 97, 94, 21, EC, BC, 72, 78, F1, E4, 47, FE, A5, C7, BC, 4C, 5A, 8C, 4D, 9C, C5, D0, 3D, E3, 21, D4, 35, 58, 4E, 4D, 35, 82, E1, 37, A4, 8E, 68, 70, 53, FA, 38, 87, F2, 65, E2, A7, 60, 58, 57, CD, FC, 13, EC, 56, DD, BA, 7E, F0, 5B, 42...
 
[+]

Packer / compiler:
PECompact v2

Code size:
300 KB (307,200 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
z-journal

Command:
C:\Program Files\z-journal\z-journal.exe


Scan z-journal.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.