» seznam.cz__120002.exe
Overview
Analysis
File Details
Network (21)

seznam.cz__120002.exe

Seznam.cz, a.s.

The application seznam.cz__120002.exe by Seznam.cz, a.s has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address sdn.szn.cz on port 443.

File name:

Publisher:

Seznam.cz, a.s. (signed and verified)

MD5:

79bbc49980682b9a78878b50dc26f117

SHA-1:

96b5494be2a1e74cbadc3e32d7035d6160879976

SHA-256:

cc9cd98bb23f0506a2619b202ae45e6871172e50120a44bc7d586839b78d3299

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/5/2024 11:40:55 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Seznam (M)

17.2.23.0

File size:

2.7 MB (2,817,728 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\seznam.cz__120002.exe

Digital Signature

Signed by:

Seznam.cz, a.s.

Authority:

thawte, Inc.

Valid from:

4/6/2016 2:00:00 AM

Valid to:

4/10/2017 1:59:59 AM

Subject:

CN="Seznam.cz, a.s.", O="Seznam.cz, a.s.", L=Praha 5, S=Praha 5, C=CZ

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

6B57C0310010618229A5DBCF37838A9F

File PE Metadata

Compilation timestamp:

2/21/2017 1:59:21 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

Entry address:

0x164E8E

Entry point:

E8, 51, 0C, 00, 00, E9, 8E, FE, FF, FF, 3B, 0D, 64, 6F, 65, 00, F2, 75, 02, F2, C3, F2, E9, 8F, 08, 00, 00, 53, 56, 57, 6A, 00, 68, A0, 0F, 00, 00, 68, EC, 38, 66, 00, E8, 43, F6, 02, 00, 83, C4, 0C, 68, C4, C4, 62, 00, FF, 15, 84, D2, 5E, 00, 8B, F0, 85, F6, 0F, 84, 8C, 00, 00, 00, 68, 54, 80, 61, 00, 56, FF, 15, 34, D2, 5E, 00, 68, 70, 80, 61, 00, 56, 8B, D8, FF, 15, 34, D2, 5E, 00, 68, 8C, 80, 61, 00, 56, 8B, F8, FF, 15, 34, D2, 5E, 00, 8B, F0, 85, DB, 74, 37, 85, FF, 74, 33, 85, F6, 74, 2F, 83, 25, 08... 
[+]

Code size:

1.9 MB (2,012,160 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to download.seznam.cz (77.75.77.38:443)

TCP (HTTP SSL):

Connects to software.seznam.cz (77.75.77.37:443)

TCP (HTTP):

Connects to a23-37-43-27.deploy.static.akamaitechnologies.com (23.37.43.27:80)

TCP (HTTP):

Connects to a23-42-27-27.deploy.static.akamaitechnologies.com (23.42.27.27:80)

TCP (HTTP SSL):

Connects to sdn.szn.cz (77.75.76.175:443)

TCP (HTTP):

Connects to a23-51-123-27.deploy.static.akamaitechnologies.com (23.51.123.27:80)

TCP (HTTP):

Connects to a23-55-155-27.deploy.static.akamaitechnologies.com (23.55.155.27:80)

Remove seznam.cz__120002.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.