» EzQ.exe
Overview
Analysis
File Details
Behaviors (1)

EzQ.exe

EzQ Messenger 2009

EZNIX Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Kostat Messenger’.

File name:

EzQ.exe

Publisher:

EZNIX. Inc (signed by EZNIX Inc.)

Product:

EzQ Messenger 2009

Version:

6.0.2.176

MD5:

991869d2bc6b00054da26fa2297b6ca1

SHA-1:

1189d8c3b3143caccad6864814a6ff2afea3b8cd

SHA-256:

8eadfae11721b3006dfcf09a399faab844ad978dafd0060ccc4e0530d33a2125

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/15/2024 11:39:18 PM UTC (a few moments ago)

File size:

12 MB (12,611,080 bytes)

Product version:

6.0.1.0

EZNIX. Inc

Trademarks:

EzQ Messenger 2009

Original file name:

EzQ.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\kostat messenger\ezq.exe

Digital Signature

Signed by:

EZNIX Inc.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

9/23/2008 10:55:25 AM

Valid to:

9/23/2010 10:55:25 AM

Subject:

CN=EZNIX Inc., OU=Software Development Department, O=EZNIX Inc., L=Seoul, S=GYEONGGI-DO, C=KR

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

00A19E5485459219E6435FFBDD4F6850

File PE Metadata

Compilation timestamp:

11/4/2009 4:58:07 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:5UJMroZcpNgUHTNagj8LmiSpN0ZlibfSUVViXqHbgGb09/lNv1cXTwCUAmxiA70p:5frNgUAg8D24Jcb7b0xlNv1c3di2Mdy

Entry address:

0x6015E0

Entry point:

55, 8B, EC, B9, 0D, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, B8, D4, B4, 9F, 00, E8, 31, 6C, A0, FF, 33, C0, 55, 68, 48, 19, A0, 00, 64, FF, 30, 64, 89, 20, 8D, 55, EC, B8, 01, 00, 00, 00, E8, CE, 1E, A0, FF, 8B, 45, EC, BA, 60, 19, A0, 00, E8, DD, 45, A0, FF, 75, 46, A1, 88, E1, A1, 00, 8B, 00, E8, 63, A7, A8, FF, A1, 88, E1, A1, 00, 8B, 00, BA, 70, 19, A0, 00, E8, 0A, A2, A8, FF, 8B, 0D, 44, DE, A1, 00, A1, 88, E1, A1, 00, 8B, 00, 8B, 15, 58, 6B, 98, 00, E8, 52, A7, A8, FF, A1, 88, E1, A1, 00, 8B... 
[+]

Entropy:

6.3649

Developed / compiled with:

Microsoft Visual C++

Code size:

6 MB (6,292,992 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Kostat Messenger

Command:

"C:\Program Files\kostat messenger\ezq.exe"

Scan EzQ.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.