home

zam.exe

AntiMalware

Zemana Ltd.

It runs as a separate (within the context of its own process) windows Service named “ZAM Controller Service”. The file has been seen being downloaded from dl9.zemanaltd.netdna-cdn.com.
Publisher:
Zemana Ltd.  (signed and verified)

Product:
AntiMalware

Description:
Zemana AntiMalware

Version:
2.2.1.234

MD5:
d91d79fd37f8ef49fdc8aa073b3aae88

SHA-1:
1e158c717f2d9a8785bca553cb870bd6ba77d314

SHA-256:
55a5b1016114a95e1844b1385ff9f66a1f436c172393802523530de9aa5a0d7f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/17/2024 6:27:02 PM UTC  (today)

File size:
9.3 MB (9,800,560 bytes)

Product version:
2.2.1.234

Copyright:
Zemana Ltd. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\zemana antimalware\zam.exe

Digital Signature
Signed by:
Zemana Ltd.

Authority:
DigiCert Inc

Valid from:
12/15/2014 5:00:00 PM

Valid to:
12/20/2017 5:00:00 AM

Subject:
CN=Zemana Ltd., O=Zemana Ltd., L=Edirne, C=TR

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0210230FD364B469091B8A4440145E18

File PE Metadata
Compilation timestamp:
2/4/2015 9:09:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
98304:TSQgm2hPuM1d0Z1gXm916rnT1tD22y1hNJGqnIJqUZPj2FEtF7IeNSRDyEYBU0Ok:TSFdwnWTyn5FE37tURpDRVU

Entry address:
0x2C2C

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, AC, 90, A3, 00, A1, 9F, 90, A3, 00, C1, E0, 02, A3, A3, 90, A3, 00, 52, 6A, 00, E8, 11, 44, 63, 00, 8B, D0, 89, 15, A7, 90, A3, 00, E8, D4, 36, 62, 00, 5A, E8, 16, 34, 62, 00, E8, 29, 38, 62, 00, 6A, 00, E8, 0A, FD, 62, 00, 59, 68, 48, 90, A3, 00, 6A, 00, E8, E5, 43, 63, 00, A3, A7, 90, A3, 00, 6A, 00, E9, 35, EB, 62, 00, E9, 3C, FD, 62, 00, 33, C0, A0, 91, 90, A3, 00, C3, A1, A7, 90, A3, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9...
 
[+]

Entropy:
6.8004

Code size:
6.2 MB (6,520,832 bytes)

Service
Display name:
ZAM Controller Service

Service name:
ZAMSvc

Type:
Win32OwnProcess


The file zam.exe has been seen being distributed by the following URL.

http://dl9.zemanaltd.netdna-cdn.com/.../ZAMv2.2.1.234.exe

Scan zam.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.