home

zeZebra.exe

zeZebra

Total Availability

The application zeZebra.exe, “zeZebra File Transfer Client” by Total Availability has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘zeZebra’.
Publisher:
Total Availability  (signed and verified)

Product:
zeZebra

Description:
zeZebra File Transfer Client

Version:
1, 3, 1, 17

MD5:
4e5d3b60e8c044cfdf2df771fab5ce1b

SHA-1:
e47beb5cf9cb5f4c252683e35ccff3f324c5775d

SHA-256:
3945618a79d694a5384134fb9c616c6879def009b1806b49c8bae39cbdab8338

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/20/2024 2:00:02 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Startup.TotalAvailability.H
14.4.12.20

File size:
2.4 MB (2,552,104 bytes)

Product version:
1, 3, 1, 17

Copyright:
Copyright (C) 2013 Total Availability. All rights reserved.

Original file name:
zeZebra.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\zezebra\zezebra.exe

Digital Signature
Signed by:
Total Availability

Authority:
VeriSign, Inc.

Valid from:
10/11/2012 8:00:00 AM

Valid to:
10/12/2013 7:59:59 AM

Subject:
CN=Total Availability, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Total Availability, L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2BEC7C0E35B5DA7F9C6C208425A6A9F4

File PE Metadata
Compilation timestamp:
3/4/2013 5:20:46 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:f2cS7hST5v/D3zKBJujsbkGjMujbbhSK7KqN9W:f2DY5v/LzKLJbBjMcbhSh

Entry address:
0xB1D0F

Entry point:
E8, 54, 05, 00, 00, E9, 36, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 00, A9, 62, 00, 89, 0D, FC, A8, 62, 00, 89, 15, F8, A8, 62, 00, 89, 1D, F4, A8, 62, 00, 89, 35, F0, A8, 62, 00, 89, 3D, EC, A8, 62, 00, 66, 8C, 15, 18, A9, 62, 00, 66, 8C, 0D, 0C, A9, 62, 00, 66, 8C, 1D, E8, A8, 62, 00, 66, 8C, 05, E4, A8, 62, 00, 66, 8C, 25, E0, A8, 62, 00, 66, 8C, 2D, DC, A8, 62, 00, 9C, 8F, 05, 10, A9, 62, 00, 8B, 45, 00, A3, 04, A9, 62, 00, 8B, 45, 04, A3, 08, A9, 62, 00, 8D, 45, 08, A3, 14, A9, 62...
 
[+]

Entropy:
7.2102

Code size:
799 KB (818,176 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
zeZebra

Command:
C:\Program Files\zezebra\zezebra.exe \background


Windows Firewall Allowed Program
Name:
C:\Program Files\zeZebra\zeZebra.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-55-207-183.compute-1.amazonaws.com  (52.55.207.183:80)

TCP (HTTP):
Connects to ec2-52-1-32-25.compute-1.amazonaws.com  (52.1.32.25:80)

Remove zeZebra.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.