MezaaTray.exe

Mezaa

This is part of the Sendori web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application MezaaTray.exe (“Mezaa Notification Icon” by Mezaa) has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Mezaa  (signed and verified)

Product:
Mezaa

Description:
Mezaa Notification Icon

Version:
3.0.2

MD5:
bd39f8e3fb83b321a83a36d832ad8c18

SHA-1:
87a5d571c68642660a930fbb3f921921623700b5

SHA-256:
c1b804f55f8e7840d9130844dee588dbdbe0a3d37d382e30bcaac1d629713227

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 11:35:54 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Sendori (M)

Engine version:
16.7.15.11

File size:
170.7 KB (174,824 bytes)

Product version:
3.0.2

Copyright:
© Dynamic Network Services, Inc.

Trademarks:
Dyn (sm)

Original file name:
MezaaTray.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mezaa\mezaatray.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/25/2014 5:30:00 AM

Valid to:
6/25/2017 5:29:59 AM

Subject:
CN=Mezaa, O=Mezaa, L=San Leandro, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5882CB787D2A279BB379C1F4594407F9

File PE Metadata
Compilation timestamp:
10/7/2014 4:22:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:6xPYHRoP4UjLRTcDU1t/lHa1XKDskK5wdkb77C2Nvvk3:NKBRR8xKS+dyHC2Nvvk3

Entry address:
0x410E

Entry point:
E8, 2E, 23, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 10, 1A, 41, 00, FF, 15, 1C, C1, 40, 00, 85, C0, 75, 18, 56, E8, CA, 03, 00, 00, 8B, F0, FF, 15, CC, C0, 40, 00, 50, E8, 7A, 03, 00, 00, 59, 89, 06, 5E, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 58, 31, 41, 00, 00, 74, 05, E9, 50, 23, 00, 00, 57, 8B...
 

Entropy:
3.5251

Code size:
44 KB (45,056 bytes)
