seznam.cz.exe

Seznam.cz, a.s.

The application seznam.cz.exe by Seznam.cz, a.s has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address sdn.szn.cz on port 443.
Publisher:
Seznam.cz, a.s.  (signed and verified)

MD5:
29dea4ac9b3fb06daf0fc93fe4a314c0

SHA-1:
cace57f7c8c1c974fa1172b70235bd60fec2832c

SHA-256:
5712b695999548ceaba5af34f225df8125476127460e233b458139371aed327e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 5:18:47 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Seznam (M)
16.10.19.12

File size:
1 MB (1,054,912 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\seznam browser\seznam.cz.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/6/2016 2:00:00 AM

Valid to:
4/10/2017 1:59:59 AM

Subject:
CN="Seznam.cz, a.s.", O="Seznam.cz, a.s.", L=Praha 5, S=Praha 5, C=CZ

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6B57C0310010618229A5DBCF37838A9F

File PE Metadata
Compilation timestamp:
9/7/2016 5:57:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:jM2OfYzP0wzDhGOy1/XG+9ikj14dD+1VOiuTZGlwSrajCGhbVmMQb:jM2OfUPHPED1/XGroGdy11lwt7VmR

Entry address:
0x6939A

Entry point:
E8, B3, CF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 53, 56, 8B, 4C, 24, 0C, 8B, 54, 24, 10, 8B, 5C, 24, 14, F7, C3, FF, FF, FF, FF, 74, 51, 2B, CA, F7, C2, 03, 00, 00, 00, 74, 18, 0F, B6, 04, 0A, 3A, 02, 75, 48, 85, C0, 0F, 44, D8, 42, 83, EB, 01, 76, 34, F6, C2, 03, 75, E8, 8D, 04, 0A, 25, FF, 0F, 00, 00, 3D, FC, 0F, 00, 00, 77, D9, 8B, 04, 0A, 3B, 02, 75, D2, 83, EB, 04, 76, 14, 8D, B0, FF, FE, FE, FE, 83, C2, 04, F7, D0, 23, C6, A9, 80, 80, 80, 80, 74, D1, 33, C0, 5E...
 
[+]

Code size:
647 KB (662,528 bytes)

Shell Open Command
Open type:
http

Command:
"C:\users\{user}\appdata\roaming\seznam browser\seznam.cz.exe" -surl="%1"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to h.imedia.cz  (77.75.79.9:443)

TCP (HTTP SSL):
Connects to zeptejsekrastyho.seznam.cz  (77.75.77.61:443)

TCP (HTTP SSL):
Connects to ad.seznam.cz  (77.75.76.72:443)

TCP (HTTP SSL):
Connects to sdn.szn.cz  (77.75.76.183:443)

TCP (HTTP SSL):
Connects to jslog.post.cz  (77.75.79.122:443)

TCP (HTTP SSL):
Connects to email.seznam.cz  (77.75.76.150:443)

TCP (HTTP SSL):
Connects to a104-103-100-29.deploy.static.akamaitechnologies.com  (104.103.100.29:443)

TCP (HTTP SSL):
Connects to sync.software.seznam.cz  (77.75.79.134:443)

TCP (HTTP SSL):
Connects to li700-68.members.linode.com  (88.80.189.68:443)

TCP (HTTP SSL):
Connects to ip206.ip-94-23-171.eu  (94.23.171.206:443)

TCP (HTTP SSL):
Connects to ec2-54-72-247-96.eu-west-1.compute.amazonaws.com  (54.72.247.96:443)

TCP (HTTP SSL):
Connects to ec2-52-72-13-151.compute-1.amazonaws.com  (52.72.13.151:443)

TCP (HTTP SSL):
Connects to ec2-52-59-65-103.eu-central-1.compute.amazonaws.com  (52.59.65.103:443)

TCP (HTTP SSL):
Connects to ec2-52-48-128-80.eu-west-1.compute.amazonaws.com  (52.48.128.80:443)

TCP (HTTP SSL):
Connects to ec2-52-30-191-133.eu-west-1.compute.amazonaws.com  (52.30.191.133:443)

TCP (HTTP SSL):
Connects to ec2-52-30-184-164.eu-west-1.compute.amazonaws.com  (52.30.184.164:443)

TCP (HTTP SSL):
Connects to ec2-52-29-150-30.eu-central-1.compute.amazonaws.com  (52.29.150.30:443)

TCP:
Connects to ec2-52-16-81-1.eu-west-1.compute.amazonaws.com  (52.16.81.1:8078)

TCP (HTTP SSL):
Connects to ec2-46-137-160-184.eu-west-1.compute.amazonaws.com  (46.137.160.184:443)

TCP (HTTP SSL):
Connects to cluster.ad-serverparc.nl  (95.211.181.4:443)

Remove seznam.cz.exe - Powered by Reason Core Security