seznam.cz.exe

Seznam.cz, a.s.

The application seznam.cz.exe by Seznam.cz, a.s has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address login.szn.cz on port 443.
Publisher:
Seznam.cz, a.s.  (signed and verified)

MD5:
c458de9800a9ffd2e5ae7f8db1e7ff57

SHA-1:
da432bbdf22f58ce88ac03023281087c35e2935a

SHA-256:
2466f428636d7d7c3c8d59e038b95c30ab128a33639c2edfe6e32d1c648aff53

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 11:43:05 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Seznam (M)
16.10.19.12

File size:
1 MB (1,054,904 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\seznam browser\seznam.cz.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/6/2016 2:00:00 AM

Valid to:
4/10/2017 1:59:59 AM

Subject:
CN="Seznam.cz, a.s.", O="Seznam.cz, a.s.", L=Praha 5, S=Praha 5, C=CZ

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6B57C0310010618229A5DBCF37838A9F

File PE Metadata
Compilation timestamp:
7/14/2016 5:06:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:j1Oh2aygHznXwDsmgn4WPdI6Vvfccu077kJuqqU32f9w6/3VmRsbs:j1Oh2alHzYsj4gFfccGH3yJVmROs

Entry address:
0x68C0E

Entry point:
E8, 80, D0, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 53, 56, 8B, 4C, 24, 0C, 8B, 54, 24, 10, 8B, 5C, 24, 14, F7, C3, FF, FF, FF, FF, 74, 51, 2B, CA, F7, C2, 03, 00, 00, 00, 74, 18, 0F, B6, 04, 0A, 3A, 02, 75, 48, 85, C0, 0F, 44, D8, 42, 83, EB, 01, 76, 34, F6, C2, 03, 75, E8, 8D, 04, 0A, 25, FF, 0F, 00, 00, 3D, FC, 0F, 00, 00, 77, D9, 8B, 04, 0A, 3B, 02, 75, D2, 83, EB, 04, 76, 14, 8D, B0, FF, FE, FE, FE, 83, C2, 04, F7, D0, 23, C6, A9, 80, 80, 80, 80, 74, D1, 33, C0, 5E, 5B, C3, 8D, 64...
 
[+]

Code size:
647 KB (662,528 bytes)

Shell Open Command
Open type:
http

Command:
"C:\users\{user}\appdata\roaming\seznam browser\seznam.cz.exe" -surl="%1"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to software.seznam.cz  (77.75.77.37:443)

TCP (HTTP SSL):
Connects to download.seznam.cz  (77.75.77.38:443)

TCP (HTTP SSL):
Connects to h.imedia.cz  (77.75.79.9:443)

TCP (HTTP SSL):
Connects to 10.im.cz  (77.75.76.19:443)

TCP (HTTP SSL):
Connects to sdn.szn.cz  (77.75.76.183:443)

TCP (HTTP SSL):
Connects to www.seznam.cz  (77.75.79.39:443)

TCP (HTTP SSL):
Connects to zeptejsekrastyho.seznam.cz  (77.75.77.61:443)

TCP (HTTP SSL):
Connects to login.szn.cz  (77.75.76.55:443)

TCP (HTTP SSL):
Connects to im.pocasi.cz  (77.75.77.16:443)

TCP (HTTP SSL):
Connects to i.im.cz  (77.75.76.2:443)

TCP (HTTP SSL):
Connects to geo.seznam.cz  (77.75.76.146:443)

TCP (HTTP SSL):
Connects to 83.02.2da9.ip4.static.sl-reverse.com  (169.45.2.131:443)

TCP (HTTP SSL):
Connects to host-85.232.230.226.maxpi.pl  (85.232.230.226:443)

TCP (HTTP SSL):
Connects to search.seznam.cz  (77.75.79.120:443)

TCP (HTTP SSL):
Connects to img.firmy.cz  (77.75.79.25:443)

TCP (HTTP SSL):
Connects to assigned-81-0-212-199.casablanca.cz  (81.0.212.199:443)

TCP (HTTP SSL):
Connects to ad.seznam.cz  (77.75.76.72:443)

TCP (HTTP SSL):
Connects to srank.seznam.cz  (77.75.79.66:443)

TCP (HTTP):

Remove seznam.cz.exe - Powered by Reason Core Security