zemana.antimalware.setup.exe

AntiMalware

The executable zemana.antimalware.setup.exe has been detected as malware by 35 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The virus, which infects .exe files, stops various security software and prevents some core Windows utilities from running. It also tries to download other files, including other malware, from a remote server.

Product: AntiMalware
Version: 2.19.844
MD5: a3a029aef2c3514afec8033681c84d37
SHA-1: 3c2503c498a1aa281ea87006e04305a7211e9bc6
SHA-256: d5fc0dd74576d3b623240d3e6470e497d4e15a60ac1987cfffa11e9cc7ef7e81
Scanner detections: 35 / 68
Status: File is infected by a Virus
Explanation: The file is infected by a polymorphic file infector virus.
Analysis date: 4/26/2024 6:06:15 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Sality.3 | -40 |
| AhnLab V3 Security | Win32/Kashu.E | 3.8.2.16 |
| Avira AntiVirus | W32/Sality.AT | 8.3.3.4 |
| Arcabit | Win32.Sality.3 | 1.0.0.792 |
| avast! | Win32:SaliCode | 2014.9-170316 |
| AVG | Win32/Sality | 2018.0.2438 |
| Baidu Antivirus | Win32.Virus.Sality | 4.0.3.17316 |
| Bitdefender | Win32.Sality.3 | 1.0.20.375 |
| Bkav FE | W32.Sality.PE | 1.3.0.8455 |
| Comodo Security | Virus.Win32.Sality.gen | 26334 |
| Dr.Web | Win32.Sector.30 | 9.0.1.075 |
| Emsisoft Anti-Malware | Win32.Sality | 8.17.03.16.04 |
| ESET NOD32 | Win32/Sality.NBA | 11.14662 |
| F-Prot | W32/Sality.E.gen | v6.4.7.1.166 |
| F-Secure | Win32.Sality.3 | 11.2017-16-03_5 |
| G Data | Win32.Sality | 17.3.25 |
| IKARUS anti.virus | Virus.Sality | 0.1.3.4 |
| K7 AntiVirus | Virus | 13.246.21891 |
| Kaspersky | Virus.Win32.Sality | 14.0.0.-1316 |
| McAfee | W32/Sality.gen.z | 5600.6094 |
| Microsoft Security Essentials | Virus:Win32/Sality.AT | 1.1.13303.0 |
| MicroWorld eScan | Win32.Sality.3 | 18.0.0.225 |
| NANO AntiVirus | Virus.Win32.Sality.beygb | 1.0.70.14200 |
| nProtect | Virus/W32.Sality.D | 16.12.25.02 |
| Panda Antivirus | W32/Sality.AA | 17.03.16.04 |
| Qihoo 360 Security | Virus.Win32.Sality.I | 1.0.0.1120 |
| Quick Heal | W32.Sality.U | 3.17.14.00 |
| Rising Antivirus | Virus.Sality!1.A09C (classic) | 23.00.65.17314 |
| Sophos | Mal/Sality-D | 4.98 |
| Trend Micro House Call | PE_SALITY.RL | 7.2.75 |
| Trend Micro | PE_SALITY.RL | 10.465.16 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.4 |
| VIPRE Antivirus | Virus.Win32.Sality.at | 54734 |
| ViRobot | Win32.Sality.Gen.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Sality.Win32.25 | 2.0.0.3161 |

File size: 5 MB (5,294,224 bytes)
Product version: 2.19.844
Copyright: © Copyright 2015
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\sachin dedhianew\sachin dedhianew\pc forensics tools\zemana.antimalware.setup.exe

File PE Metadata
Compilation timestamp: 7/9/2014 1:28:13 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
Entry address: 0x113BC

Entry point:
B0, E4, FF, C9, 80, F4, 3A, 73, 09, 8D, 3D, 16, D1, 14, 09, C6, C7, 2C, 69, CD, 2A, A3, D1, 2C, 89, EE, 30, C7, B8, 3A, 5E, 00, 00, 84, E7, 88, E5, 2D, F1, 27, 00, 00, 0F, BF, F8, F7, C3, A5, 9C, 42, 0B, 8D, 10, 8D, 1D, E1, 01, 50, 06, B4, EB, 0F, AF, E8, 88, F4, B5, 0A, FF, C3, 0F, BF, CB, 3B, FB, B7, 06, FF, C2, 3B, DF, E8, 61, 00, 00, 00, 4B, 75, 06, F7, C1, CF, FD, 81, B7, FF, C5, 69, DF, 12, 48, 4B, 2F, F7, C6, 15, 51, F0, 93, 4B, 89, C9, 69, D3, FB, 6D, F4, F4, BD, 00, 00, 00, 00, 88, EB, 81, F5, 2C...
 

Entropy: 7.9936 (probably packed)
Code size: 63.5 KB (65,024 bytes)
