zdengine.exe

zdengine

The application zdengine.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a Windows service named “zdengine”, in its own separate process.
Publisher:
zdengine

Product:
zdengine.exe

Version:
3.0.0.8

MD5:
4021d5ccb88ac40557fcb2b3f24ab769

SHA-1:
78c8d867e4425a7492f3143856674eacd3a80102

SHA-256:
82af381151f22d09ce66a7038a08afea774ea74949580fd9c979636938950cc5

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 7:20:16 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Dropper-gen [Drp] | 160209-2
ESET NOD32 | Win32/Packed.Komodia.G suspicious application | 7.0.302.0
Reason Heuristics | PUP.QuickSearch.Komodia.Meta (M) | 16.2.20.10

File size:
2.3 MB (2,424,831 bytes)

Product version:
3.0.0.8

Copyright:
Copyright (c) 2015

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\quicksearch\zdengine.exe

File PE Metadata
Compilation timestamp:
2/10/2016 6:36:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:/5GjNX9jMTcD00cABLrNPY23vX3QicA5euTKlLZBUJwLx5smtw45HTPbciJ:mNX9KcD00BGe/AiudlLcAhToY

Entry address:
0x360E

Entry point:
E8, 2D, 37, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, FF, 75, 08, 51, E8, 25, 38, 00, 00, 59, 59, 5D, C2, 04, 00, 8B, FF, 51, C7, 01, 34, EC, 41, 00, E8, A1, 37, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, DC, 05, 00, 00, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, 51, E8, 75, 39, 00, 00, 59, 59, 5D, C2, 04, 00, 8B, FF, 51, E8, C4, 38, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, B0, 3A...

Entropy:
7.9653  (probably packed)

Code size:
113.5 KB (116,224 bytes)

Service
Display name:
zdengine

Description:
zdengine protects your browser

Type:
Win32OwnProcess

Depends on:
RPCSS

