home

z3x_shell.exe

MD5:
69fc40a1941d80ff20787ec40ac0ab2e

SHA-1:
ca42760021096f9f9a7c17d6d6e6c66dff0ab2e6

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
5/2/2024 6:00:10 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAutoA
1.3.0.4959

Rising Antivirus
PE:Malware.XPACK/RDM!5.1
23.00.65.14331

File size:
12.2 MB (12,828,672 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\z3x\z3x_shell.exe

File PE Metadata
Compilation timestamp:
2/17/2014 4:28:47 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:C0ecOKyqXmgqjX4wRaHaFrK5H4YH49hr/cFUXpUKXnm1p7wJbdnDxNa3Cu/SJVfP:C0ecOa2gqjX4NpJvYfYwVnmulvmI

Entry address:
0x13B4BEF

Entry point:
E9, E6, 13, CD, FF, 60, E8, A8, DF, CC, FF, C4, F0, C0, 60, EF, 06, 13, 6C, 91, CF, 28, B4, 12, C3, E7, 45, 42, 91, 18, CC, 9D, 5B, 24, D0, 60, 20, A7, 6E, 4E, 7A, 7E, 4D, 6E, BD, 14, 33, 46, 20, DB, BF, 90, C5, 38, B5, A9, 78, 15, 7A, AD, 55, 67, 18, 98, 07, 71, EE, 3F, 8E, 9F, B0, 07, 84, 49, B4, 94, 4F, B6, A2, 6B, 78, 9A, 6F, 71, B0, F2, B9, C4, D0, 06, 32, 96, 14, 87, 61, 9B, A5, F4, CF, 60, 6D, D1, A7, 7E, 40, 2F, C8, C2, 8C, AC, 51, 2B, CE, D0, C2, 42, E2, 08, 5B, D6, 8B, 5A, 5D, E1, 55, 88, D8, CB...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
6 MB (6,307,328 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to static.185.107.4.46.clients.your-server.de  (46.4.107.185:80)

Scan z3x_shell.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.