EzQ.exe

EzQ Messenger 2009

EZNIX Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘JBEdu Messenger’.
Publisher:
EZNIX. Inc  (signed by EZNIX Inc.)

Product:
EzQ Messenger 2009

Version:
6.0.6.758

MD5:
5433bee7bb94c3c19c6c48f53e1600dc

SHA-1:
d6e33fcab9036b73e3637ccfe9946be91aa5c600

SHA-256:
8fe0d2cc95b75f13658ec2058a2904131dd6827a0affc93f0fec7cc26514605b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/16/2024 12:24:45 AM UTC

File size:
9.2 MB (9,681,992 bytes)

Product version:
6.0.4.0

Copyright:
EZNIX. Inc

Trademarks:
EzQ Messenger 2009

Original file name:
EzQ.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/16/2012 9:00:00 AM

Valid to:
12/10/2014 8:59:59 AM

Subject:
CN=EZNIX Inc., O=EZNIX Inc., L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73E78017A7BF71B6762A603DC41FB6B5

File PE Metadata
Compilation timestamp:
4/11/2013 7:39:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:6PKkTV14mYfml+tOr8hvB5yfRxaKC+UP26d36qa6XTwCeAmb0TqbAdS9fKzzzzz/:O1sml+UwiRxaKCdwP63UG

Entry address:
0x5029C0

Entry point:
55, 8B, EC, B9, 0B, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, B8, 1C, CF, 8F, 00, E8, 10, 57, B0, FF, 33, C0, 55, 68, 9D, 2C, 90, 00, 64, FF, 30, 64, 89, 20, 8D, 55, EC, B8, 01, 00, 00, 00, E8, 5D, 0A, B0, FF, 8B, 45, EC, BA, B4, 2C, 90, 00, E8, 4C, 31, B0, FF, 75, 46, A1, 08, FD, 91, 00, 8B, 00, E8, 56, 52, B8, FF, A1, 08, FD, 91, 00, 8B, 00, BA, C4, 2C, 90, 00, E8, FD, 4C, B8, FF, 8B, 0D, 0C, FA, 91, 00, A1, 08, FD, 91, 00, 8B, 00, 8B, 15, 48, 67, 88, 00, E8, 45, 52, B8, FF, A1, 08, FD, 91, 00...
 

Entropy:
6.4532

Developed / compiled with:
Microsoft Visual C++

Code size:
5 MB (5,246,976 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
JBEdu Messenger

Command:
"C:\jbedu messenger\ezq.exe"

