» szninstall.exe
Overview
Analysis
File Details
Behaviors (1)

szninstall.exe

Seznam.cz, a.s.

The executable szninstall.exe has been detected as malware by 4 anti-virus scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘seznam-listicka-distribuce’.

File name:

szninstall.exe

Publisher:

Seznam.cz, a.s. (signed and verified)

MD5:

59f7748d5b4eef9765c46ae7daebb854

SHA-1:

e6e73c7e8f200f39da600a7800fa03356d0f97ba

Scanner detections:

4 / 68

Status:

Malware

Analysis date:

11/23/2024 4:41:28 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Oncer

160905-0

Clam AntiVirus

Win.Worm.Brontok-88

0.98/22192

F-Prot

W32/Thecid.B@mm

4.6.5.141

Kaspersky

Email-Worm.Win32.Runouce

15.0.2.529

File size:

1 MB (1,069,124 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\seznam.cz\distribution\szninstall.exe

Digital Signature

Signed by:

Seznam.cz, a.s.

Authority:

Thawte, Inc.

Valid from:

4/10/2013 2:00:00 AM

Valid to:

4/11/2014 1:59:59 AM

Subject:

CN="Seznam.cz, a.s.", O="Seznam.cz, a.s.", L=Praha 5, S=Praha 5, C=CZ

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

3C0F1ED2D0420BEE86C6856A3F0A4144

File PE Metadata

Compilation timestamp:

5/16/2013 3:24:54 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:fCZGGSEniyqZsG0YyPXDKGeN/jBeaj2TZ/U:1GeIYx1yTZ/U

Entry address:

0x108048

Entry point:

60, E8, E6, 19, 00, 00, 8B, 74, 24, 20, E8, 08, 00, 00, 00, 61, 68, F2, 4A, 46, 00, C3, E9, 59, E8, 01, 16, 00, 00, 81, E6, 00, F0, FF, FF, 81, EE, 00, 10, 00, 00, 66, 81, 3E, 4D, 5A, 75, F3, 0F, B7, 7E, 3C, 03, FE, 8B, 6F, 78, 03, EE, 8B, 5D, 20, 03, DE, 33, C0, 8B, D6, 83, C3, 04, 40, 8B, 3B, 03, FA, E8, 0F, 00, 00, 00, 47, 65, 74, 50, 72, 6F, 63, 41, 64, 64, 72, 65, 73, 73, 00, 5E, 33, C9, B1, 0F, FC, F3, A6, 75, DA, 8B, F2, 8B, 5D, 24, 03, DE, 0F, B7, 0C, 43, 8B, 5D, 1C, 03, DE, 8B, 1C, 8B, 03, DE, 81... 
[+]

Packer / compiler:

ASPack v1.08.04

Code size:

638.5 KB (653,824 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

seznam-listicka-distribuce

Command:

"C:\Program Files\seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate

Remove szninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.