zlh.exe

Norman Product Manager

Norman ASA

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Norman ZANDA’.
Publisher:
Norman ASA (signed and verified)

Product:
Norman Product Manager

Description:
Norman ZLH

Version:
7, 0, 0, 1

MD5:
975aee2b4e7cb68f653a8217938ba707

SHA-1:
ffe7a44962946a3ad490580500b886975c930c3d

SHA-256:
ecddf8ccf51ca955fb776a001696e251f6252247a9d0038a1c3ede2a77aaee5b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 11:33:05 AM UTC

File size:
267.1 KB (273,520 bytes)

Product version:
7, 0, 0, 1

Copyright:
Copyright © 1990-2007 Norman ASA

Original file name:
zlh.exe

File type:
Executable application (Win32 EXE)

Language:
Italian (Italy)

Common path:
C:\Program Files\norman\npm\bin\zlh.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/29/2006 2:00:00 AM

Valid to:
10/27/2009 12:59:59 AM

Subject:
CN=Norman ASA, OU=Headquarter, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Norman ASA, L=Lysaker, S=Oslo, C=NO

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
569B6F172F48913B5BBD292CA0AB77A3

File PE Metadata
Compilation timestamp:
12/17/2007 2:38:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:h7a9i7Kh5Z/a5xGyDjwsaYQYEY5QtV85Z/0tB+hp:h7a9i7KTZy5xGyDjws6YEztS5ZcfMp

Entry address:
0x2210F

Entry point:
55, 8B, EC, 6A, FF, 68, 50, 16, 43, 00, 68, CC, 55, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 18, F2, 42, 00, 33, D2, 8A, D4, 89, 15, B8, EA, 43, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, B4, EA, 43, 00, C1, E1, 08, 03, CA, 89, 0D, B0, EA, 43, 00, C1, E8, 10, A3, AC, EA, 43, 00, 6A, 01, E8, C8, 19, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 4D, 4E, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
184 KB (188,416 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Norman ZANDA

Command:
"C:\Program Files\norman\npm\bin\zlh.exe" \load \splash