z3x_shell.exe

MD5:
a40e5e59d217de123bf65d31fb67e0a9

SHA-1:
b6b6cca2f584a72289cbf451aea4845461fac05b

SHA-256:
564130c73a6275a5330d507c275c9eb05cc3ebc589cbafdda0fa640886827067

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 5:16:40 AM UTC

Scan engine       Detection                         Engine version
Bkav FE           HW32.Packed                       1.3.0.6979
Comodo Security   Virus.Win32.Virut.CE              22820
McAfee            Artemis!A40E5E59D217              5600.6658
VIPRE Antivirus   VirTool.Win32.Obfuscator.XZ       42176
ViRobot           Trojan.Win32.A.Gena.9101312[h]    2014.3.20.0

File size:
8.7 MB (9,101,312 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\z3x\z3x_shell.exe

File PE Metadata
Compilation timestamp:
5/12/2013 4:25:07 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:a4KgndoR5XGSEDm4ltjaVZQUlCJIvvmzT4pcUG2R0o6vyrJuBUyG1dKvaDVgSS4I:a4KgORJGnC4jCZtCMOzT4pcUG2RgyrJm

Entry address:
0x128497B

Entry point:
68, 95, 58, C2, BD, E8, 3C, 07, 22, 00, 49, D4, E9, D5, 6F, 31, 1B, 88, 61, 9A, EA, 34, 9F, D6, 23, 1F, A3, 43, F7, CD, BB, A9, E2, 82, D8, 57, 86, AB, 57, 2B, E6, 84, D2, 9D, B8, 4E, E8, 9E, 3F, B7, F1, 4E, AF, 35, 91, 55, A0, 3F, 71, BC, CA, B3, A1, DE, 48, F3, 43, 74, 4D, 2A, FA, 82, 47, 7D, 4D, 69, C2, 7C, 54, 65, C6, 70, B9, 45, FB, 42, 85, 62, 69, 04, C6, A1, 3B, 47, 05, A8, 06, AB, 46, 8F, 53, 45, 11, C4, 56, 5D, F0, 3F, 82, BA, B7, 18, 0C, 66, 4C, D8, 8E, C0, 4C, 13, 97, 72, 55, 06, 2B, 81, 83, 16...
 

Entropy:
7.8647  (probably packed)

Code size:
4.9 MB (5,117,952 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to static.185.107.4.46.clients.your-server.de  (46.4.107.185:80)

Scan z3x_shell.exe - Powered by Reason Core Security