zDwnLMISpy.exe

zDwnLMI

Zenith Infotech Ltd.

The executable zDwnLMISpy.exe, “Download LMI Setup”, has been detected as malware by 5 anti-virus scanners.
Publisher:
Zenith Infotech Ltd.  (signed and verified)

Product:
zDwnLMI

Description:
Download LMI Setup

Version:
1.00

MD5:
f000eb3fd6bba957bc92706bc5ddec9e

SHA-1:
12becf0d34cb184408f87ebdc2bbd929e87bc280

SHA-256:
94d769d3024f4a37417a3e7037b735d37a5945dd5ad03d9382a9aa5c29447c71

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/24/2024 6:07:36 PM UTC

Scan engine              Detection                 Engine version
Avira AntiVirus          HEUR/Malware              7.11.14.161
Emsisoft Anti-Malware    Virus.Win32.Malware!IK    8.16.09.08.07
F-Prot                   W32/VBTrojan.17D2         v6.4.6.2.117
IKARUS anti.virus        Virus.Win32.Malware       t3scan.1.1.107.0
K7 AntiVirus             Trojan                    13.112.5114

File size:
64.8 KB (66,376 bytes)

Product version:
1.00

Original file name:
zDwnLMISpy.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\zdwnlmispy.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
12/1/2008 7:00:00 PM

Valid to:
12/2/2011 6:59:59 PM

Subject:
CN=Zenith Infotech Ltd., O=Zenith Infotech Ltd., STREET=39675 Cedar Blvd SUite 240B, L=Newark, S=CA, PostalCode=94560, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00B756011DAA5ECFE79D4D67BF18EB4A18

File PE Metadata
Compilation timestamp:
6/5/2009 4:38:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:gqy7DLheOfkEMPIFEKLXifRdGztItSgh2/JEzkWxc6C39zC9gUgjj5pFufo9s7V:0D9p/4IOKLXGGOMfJsDCtzC9xEufoiV

Entry address:
0x1828

Entry point:
68, 74, 19, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 86, 7B, 60, D6, C0, 7D, 98, 49, 85, 2A, F5, 5A, E8, FE, D6, 38, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 20, 20, 20, 20, 20, 20, 7A, 44, 77, 6E, 4C, 4D, 49, 53, 70, 79, 62, 6F, 74, 00, 2E, 64, 00, 00, 00, 00, 01, 00, 03, 00, 78, 1F, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 5C, 20, 40, 00, A8, D0, 40, 00, 00, 00, 00, 00, 48, 21, 90, 06, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
5.1719

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
48 KB (49,152 bytes)
