zecontrolax.dll

TODO:

Total Availability

The module zecontrolax.dll, “TODO: <File description>” by Total Availability has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
TODO: <Company name>  (signed by Total Availability)

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.1

MD5:
b68fcef79c9a9b325676a76000526ba2

SHA-1:
1648b10769b2f55770602988df99291ddb837ce6

SHA-256:
bb62854b8b5ce493b241f98a5e62696edf1c1a25b2e1d7a6eb1739e1b4969ec3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2017 9:12:20 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TotalAvailability.L

Engine version:
14.4.12.20

File size:
129.8 KB (132,944 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
BFControlAX.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Russian (Russia)

Common path:
C:\Program Files\zezebra\zecontrolax.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/11/2011 9:00:00 PM

Valid to:
10/11/2012 8:59:59 PM

Subject:
CN=Total Availability, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Total Availability, L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2B701E46D0A838E9C3AF2FC97F88EFF3

File PE Metadata
Compilation timestamp:
9/27/2011 4:21:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:tYl5aV7pQq6LAM6WnS0gwUaDquewir27tJ+llJqm:tYy7pQgQ2aD9e1F5l

Entry address:
0xCB7F

Entry point:
6A, 0C, 68, 00, 51, 01, 10, E8, 75, 01, 00, 00, 33, C0, 40, 89, 45, E4, 8B, 75, 0C, 33, FF, 3B, F7, 75, 0C, 39, 3D, 98, A2, 01, 10, 0F, 84, B3, 00, 00, 00, 89, 7D, FC, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, 24, BB, 01, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 22, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, 80, D5, FF, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF...
 

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
76 KB (77,824 bytes)

Safe for Initializing Control
CLSID:
{6051EB8F-687D-4C4D-9C28-51E2931C49F7}

CLSID name:
CBFControl Object


Safe for Scripting Control
Name:
{6051EB8F-687D-4C4D-9C28-51E2931C49F7}

