» ezsched.exe
Overview
Analysis
File Details
Behaviors (1)

ezsched.exe

AJSystems Backups

AJSystems.com Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘EazyScheduler’.

File name:

ezsched.exe

Publisher:

AJSystems.com Inc. (signed and verified)

Product:

AJSystems Backups

Description:

AJSystems Backup Scheduler

Version:

4.0.1.0

MD5:

f325ddb8f993f289488e940daf39c4a1

SHA-1:

eb2afda120f3fcfa82393e217af9b6f9c34156e0

SHA-256:

e6e60f8c587fc2743db9c3ed2e517e976c92e00af3c13a37a3fde5459cce34ca

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 5:26:30 AM UTC (today)

File size:

954.4 KB (977,320 bytes)

Product version:

4.0.0.0

Trademarks:

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\eazy-ware\ezsched.exe

Digital Signature

Signed by:

AJSystems.com Inc.

Authority:

COMODO CA Limited

Valid from:

1/24/2016 5:30:00 AM

Valid to:

8/21/2016 5:29:59 AM

Subject:

CN=AJSystems.com Inc., O=AJSystems.com Inc., STREET="#5 - 2165 Country Club Dr.", L=Burlington, S=Ontario, PostalCode=L7M 4H4, C=CA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00BA974A9ED2D4D888B316C623E04F8B13

File PE Metadata

Compilation timestamp:

4/21/2013 7:39:59 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:v+A6ShucXlcLNYyOMMSkGciDATmvzKyO5nyBaS27JDMyQ7X47X760Zrt3xBp888m:T66Tl0YyO3Stcih8yBaS27JDG7Xi7ZD

Entry address:

0xC7028

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 38, F8, 4B, 00, E8, 7F, 32, F4, FF, 68, B8, 70, 4C, 00, 6A, 00, 6A, 00, E8, 0D, 44, F4, FF, 8B, D8, 6A, 00, 53, E8, 77, 47, F4, FF, 3D, 02, 01, 00, 00, 74, 57, A1, 80, A7, 4C, 00, 8B, 00, E8, 18, C0, FD, FF, A1, 80, A7, 4C, 00, 8B, 00, 33, D2, E8, 26, BA, FD, FF, A1, 80, A7, 4C, 00, 8B, 00, 33, D2, E8, 38, DD, FD, FF, A1, 80, A7, 4C, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, 54, A9, 4C, 00, A1, 80, A7, 4C, 00, 8B, 00, 8B, 15, BC, B0, 4B, 00, E8, F1, BF, FD, FF, A1, 80, A7, 4C, 00... 
[+]

Entropy:

6.5124

Developed / compiled with:

Microsoft Visual C++

Code size:

789.5 KB (808,448 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

EazyScheduler

Command:

C:\Program Files\eazy-ware\ezsched.exe

Scan ezsched.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.