cozahost.exe

Tester Extension

The application cozahost.exe has been detected as adware by Malwarebytes. This file is typically installed with the program Zoompic by Jambo Digital Ltd, which is a potentially unwanted software program.
Publisher:
Tester Extension

Product:
Tester Extension

Version:
1.1.0.29

MD5:
bbd4909a3049c8feabd9808f9d6aa1d3

SHA-1:
ee28ff2b0922989f82c4f91b61e33186e4a486ae

SHA-256:
7118d265b37749049153cd4fc239f269cfec8ba239d98d2632c4ef1b10f74df2

Scanner detections:
1 / 68

Status:
Adware

Analysis date:
12/26/2024 3:21:00 AM UTC

Scan engine:
Malwarebytes

Detection:
PUP.Optional.Zoomify.A

Engine version:
v2015.01.14.10

File size:
187.5 KB (192,000 bytes)

Product version:
1.1.0.29

Copyright:
Copyright © 2014, All rights Reserved

Original file name:
Tester.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\application data\makulitsidwe\1.1.0.29\cozahost.exe

File PE Metadata
Compilation timestamp:
1/9/2015 5:50:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:+2mhigxVdbwEKGliKQGz0uNNO/QHWikshuz2PjyGQA:7mhxxVdbwETlPNE/QHWiEiPm0

Entry address:
0x1482E

Entry point:
E8, 5A, 30, 00, 00, E9, 89, FE, FF, FF, 6A, 08, 68, E0, 23, 42, 00, E8, 8C, 00, 00, 00, E8, F7, 11, 00, 00, 8B, 40, 78, 85, C0, 74, 16, 83, 65, FC, 00, FF, D0, EB, 07, 33, C0, 40, C3, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 26, 34, 00, 00, E8, A5, 00, 00, 00, C3, E8, CA, 11, 00, 00, 8B, 40, 7C, 85, C0, 74, 02, FF, D0, E9, B4, FF, FF, FF, 6A, 08, 68, 00, 24, 42, 00, E8, 40, 00, 00, 00, FF, 35, 60, 5C, 42, 00, FF, 15, 7C, D1, 41, 00, 85, C0, 74, 16, 83, 65, FC, 00, FF, D0, EB, 07, 33, C0, 40, C3, 8B, 65...

Entropy:
5.9628

Code size:
111.5 KB (114,176 bytes)

The file cozahost.exe has been discovered within the following program.

Zoompic by Jambo Digital Ltd
Zoompic is an ad-supported browser extension that may deliver advertisements in the form of coupons, affiliate links, price comparisons, display media and other links through a number of functions, including those based on the content of any web page the user is visiting, plug-ins, add-ons, or the web browser itself.

The executing file has been seen to make the following network communications in live environments.
