seznam.cz__120002.exe

Seznam.cz, a.s.

The application seznam.cz__120002.exe by Seznam.cz, a.s has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address sdn.szn.cz on port 443.
Publisher:
Seznam.cz, a.s.  (signed and verified)

MD5:
79bbc49980682b9a78878b50dc26f117

SHA-1:
96b5494be2a1e74cbadc3e32d7035d6160879976

SHA-256:
cc9cd98bb23f0506a2619b202ae45e6871172e50120a44bc7d586839b78d3299

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 2:12:13 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Seznam (M)
17.2.23.0

File size:
2.7 MB (2,817,728 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\seznam.cz__120002.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/6/2016 2:00:00 AM

Valid to:
4/10/2017 1:59:59 AM

Subject:
CN="Seznam.cz, a.s.", O="Seznam.cz, a.s.", L=Praha 5, S=Praha 5, C=CZ

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6B57C0310010618229A5DBCF37838A9F

File PE Metadata
Compilation timestamp:
2/21/2017 1:59:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x164E8E

Entry point:
E8, 51, 0C, 00, 00, E9, 8E, FE, FF, FF, 3B, 0D, 64, 6F, 65, 00, F2, 75, 02, F2, C3, F2, E9, 8F, 08, 00, 00, 53, 56, 57, 6A, 00, 68, A0, 0F, 00, 00, 68, EC, 38, 66, 00, E8, 43, F6, 02, 00, 83, C4, 0C, 68, C4, C4, 62, 00, FF, 15, 84, D2, 5E, 00, 8B, F0, 85, F6, 0F, 84, 8C, 00, 00, 00, 68, 54, 80, 61, 00, 56, FF, 15, 34, D2, 5E, 00, 68, 70, 80, 61, 00, 56, 8B, D8, FF, 15, 34, D2, 5E, 00, 68, 8C, 80, 61, 00, 56, 8B, F8, FF, 15, 34, D2, 5E, 00, 8B, F0, 85, DB, 74, 37, 85, FF, 74, 33, 85, F6, 74, 2F, 83, 25, 08...
 
[+]

Code size:
1.9 MB (2,012,160 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to download.seznam.cz  (77.75.77.38:443)

TCP (HTTP SSL):
Connects to software.seznam.cz  (77.75.77.37:443)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP SSL):
Connects to sdn.szn.cz  (77.75.76.175:443)

TCP (HTTP):

TCP (HTTP):

Remove seznam.cz__120002.exe - Powered by Reason Core Security