ziad.exe

The executable ziad.exe has been detected as malware by 10 anti-virus scanners.
MD5:
56d37bf195863aea337f3b3ed97c6a15

SHA-1:
95322bf79cb93c826f9877bc1100e82368a00358

SHA-256:
56d9b3ba77423c005751fb0fc9e216c4339cf665ab7d3f2c49fac38f36f88143

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/26/2024 6:02:35 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Backdoor.Hupigon | 7.1.1 |
| Bkav FE | HW32.Pedka | 1.3.0.4959 |
| Comodo Security | Backdoor.Win32.Hupigon.70 | 18537 |
| Dr.Web | joke program Joke.Picture.1 | 9.0.1.05190 |
| K7 AntiVirus | Trojan | 13.178.12257 |
| McAfee | Artemis!C76632AF90E9 | 5600.7019 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.2.16 |
| Rising Antivirus | PE:Backdoor.Win32.Gpigeon2010.wh!1075329345 | 23.00.65.14831 |
| VIPRE Antivirus | Threat.4150696 | 29800 |
| Zillya! Antivirus | Backdoor.Hupigon.Win32.155783 | 2.0.0.1808 |

File size:
274.1 KB (280,712 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ziad.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:gfgVeA5ci5S4XIilT63xjUc2CzHOR8JBvEBRg:gweCci0MIgu9UX+CBm

Entry address:
0xB3001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 30, 0B, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...
 

Entropy:
7.9343

Packer / compiler:
ASPack v2.12

Code size:
514.5 KB (526,848 bytes)
