Mezaa.Service.exe

Mezaa.Service

Mezaa

This is part of the Sendori web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application Mezaa.Service.exe by Mezaa has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “MezvcV2”. This file is typically installed with the program Mezaa which is a potentially unwanted software program.
Publisher:
Mezaa  (signed and verified)

Product:
Mezaa.Service

Version:
3.0.0.0

MD5:
bafe308e8edf5c9617cbf2e06521b11e

SHA-1:
8f9fc608f9b2b20dc20cb1bb5dc118ed08726dba

SHA-256:
cc8abf11555785da92e0a670003ff15428b6ad29ac6badfa03c01ef5866d7153

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/27/2024 9:54:03 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Service.Mezaa.M
14.9.13.18

File size:
23.7 KB (24,296 bytes)

Product version:
3.0.0.0

Copyright:
Copyright © mezaa 2012

Original file name:
Mezaa.Service.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\mezaa\mezaa.service.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/24/2014 8:00:00 PM

Valid to:
6/24/2017 7:59:59 PM

Subject:
CN=Mezaa, O=Mezaa, L=San Leandro, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5882CB787D2A279BB379C1F4594407F9

File PE Metadata
Compilation timestamp:
7/23/2014 6:32:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:LBYBSBfBjaeR4CzYcHeWlmSfDqGfYT9kxi8tN4qBHCzYcHeWlmcnYPLYeM2m:LBYBSBfBjaevzYcHeWlmJT9F8tD0zYcT

Entry address:
0x52DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.0419

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
13 KB (13,312 bytes)

Service
Display name:
MezvcV2

Description:
Service Mezaa.

Type:
Win32OwnProcess

Depends on:
WINMGMT


The file Mezaa.Service.exe has been discovered within the following program.

Mezaa  by Mezaa
Mezaais an web browser advertisement injection and hijack service that delivers ads to the user's web browser (which may include coupons and savings offers, in-text advertisement or other advertisement).
mezaa.com
80% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-149-176.sin2.r.cloudfront.net  (54.230.149.176:80)

TCP (HTTP):
Connects to server-54-230-11-189.lhr3.r.cloudfront.net  (54.230.11.189:80)

TCP (HTTP):
Connects to ec2-50-18-54-58.us-west-1.compute.amazonaws.com  (50.18.54.58:80)

TCP (HTTP):
Connects to ec2-204-236-135-7.us-west-1.compute.amazonaws.com  (204.236.135.7:80)

Remove Mezaa.Service.exe - Powered by Reason Core Security