home

zam.exe

AntiMalware

Zemana Ltd.

It runs as a separate (within the context of its own process) windows Service named “ZAM Controller Service”. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Zemana Ltd.  (signed and verified)

Product:
AntiMalware

Description:
Zemana AntiMalware

Version:
2.4.1.100

MD5:
3575c174480f06db15f4d63455508866

SHA-1:
197eb3598f8d5ed18b3b171500d436205e09ddce

SHA-256:
d69a83b80e0259e7702b4987740bbf4b6a2bfd32dad3e84fca401d65dae185d4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 8:32:10 AM UTC  (today)

File size:
9.7 MB (10,167,664 bytes)

Product version:
2.4.1.100

Copyright:
Zemana Ltd. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\zemana antimalware\zam.exe

Digital Signature
Signed by:
Zemana Ltd.

Authority:
DigiCert Inc

Valid from:
12/15/2014 7:00:00 PM

Valid to:
12/20/2017 7:00:00 AM

Subject:
CN=Zemana Ltd., O=Zemana Ltd., L=Edirne, C=TR

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0210230FD364B469091B8A4440145E18

File PE Metadata
Compilation timestamp:
2/17/2015 3:02:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
98304:UL8KQDzQHp5cswmx6GwSwmtZLC3Ca6e5It5lZljMW2vwH86WAhwpN4922FDbgm6Z:DDcHNGSCbQW6FXsRd0RprNg

Entry address:
0x2CBC

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, AC, E0, A5, 00, A1, 9F, E0, A5, 00, C1, E0, 02, A3, A3, E0, A5, 00, 52, 6A, 00, E8, 19, 93, 65, 00, 8B, D0, 89, 15, A7, E0, A5, 00, E8, 18, 83, 64, 00, 5A, E8, 5A, 80, 64, 00, E8, 6D, 84, 64, 00, 6A, 00, E8, AA, 4B, 65, 00, 59, 68, 48, E0, A5, 00, 6A, 00, E8, ED, 92, 65, 00, A3, A7, E0, A5, 00, 6A, 00, E9, D5, 39, 65, 00, E9, DC, 4B, 65, 00, 33, C0, A0, 91, E0, A5, 00, C3, A1, A7, E0, A5, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9...
 
[+]

Entropy:
6.8223

Code size:
6.4 MB (6,672,384 bytes)

Service
Display name:
ZAM Controller Service

Service name:
ZAMSvc

Type:
Win32OwnProcess


The file zam.exe has been seen being distributed by the following 2 URLs.

http://gsf-cf.softonic.com/197/eb3/.../ZAMv2-4-1-100.exe

http://dl9.zemanaltd.netdna-cdn.com/.../ZAMv2.4.1.100.exe

Scan zam.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.