zeZebra.exe

zeZebra

Total Availability

The application zeZebra.exe, “zeZebra file transfer client” by Total Availability has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘zeZebra’.
Publisher:
Total Availability  (signed and verified)

Product:
zeZebra

Description:
zeZebra file transfer client

Version:
0, 5, 9, 6

MD5:
f5e31a3d563a28d4f8096a928180f325

SHA-1:
76337bac21201b823a8ffa57452a327a34633dc0

SHA-256:
afbd0151ebb9ce04862db01b55afea871ff63aa44bff4db78d48904b3515599e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
10/23/2018 10:07:17 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TotalAvailability (M)
16.1.14.18

File size:
1.3 MB (1,412,944 bytes)

Product version:
0, 5, 9, 6

Copyright:
Copyright (C) 2011 Total Availability. All rights reserved.

Original file name:
zeZebra.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\zezebra\zezebra.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/11/2011 9:00:00 PM

Valid to:
10/11/2012 8:59:59 PM

Subject:
CN=Total Availability, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Total Availability, L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2B701E46D0A838E9C3AF2FC97F88EFF3

File PE Metadata
Compilation timestamp:
12/25/2011 7:40:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:9dsiUM4NkMvWdG8js42nTm8/sVdLmUKt4CpEw:4PMaVvSG8j6q8/GduSCOw

Entry address:
0x8270F

Entry point:
E8, 54, 05, 00, 00, E9, 36, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, C8, 50, 55, 00, 89, 0D, C4, 50, 55, 00, 89, 15, C0, 50, 55, 00, 89, 1D, BC, 50, 55, 00, 89, 35, B8, 50, 55, 00, 89, 3D, B4, 50, 55, 00, 66, 8C, 15, E0, 50, 55, 00, 66, 8C, 0D, D4, 50, 55, 00, 66, 8C, 1D, B0, 50, 55, 00, 66, 8C, 05, AC, 50, 55, 00, 66, 8C, 25, A8, 50, 55, 00, 66, 8C, 2D, A4, 50, 55, 00, 9C, 8F, 05, D8, 50, 55, 00, 8B, 45, 00, A3, CC, 50, 55, 00, 8B, 45, 04, A3, D0, 50, 55, 00, 8D, 45, 08, A3, DC, 50, 55...
 
[+]

Code size:
585.5 KB (599,552 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
zeZebra

Command:
C:\Program Files\zezebra\zezebra.exe \background


Remove zeZebra.exe - Powered by Reason Core Security