home

zam.exe

AntiMalware

Zemana Ltd.

It runs as a separate (within the context of its own process) windows Service named “ZAM Controller Service”. The file has been seen being downloaded from sharewareonsale.com and multiple other hosts.
Publisher:
Zemana Ltd.  (signed and verified)

Product:
AntiMalware

Description:
Zemana AntiMalware

Version:
2.1.1.621

MD5:
742578614e1126314d77fcee0de7fdd8

SHA-1:
60867140ca0db0da5b9b2121869702a4d21f2fe4

SHA-256:
5eb3be3b7cff6f3b11ca21f7c0e3bdf05c3a3fef29b96f76417af9e70d221a43

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 8:30:27 AM UTC  (today)

File size:
9.3 MB (9,710,960 bytes)

Product version:
2.1.1.621

Copyright:
Zemana Ltd. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\zemana antimalware\zam.exe

Digital Signature
Signed by:
Zemana Ltd.

Authority:
DigiCert Inc

Valid from:
12/15/2014 6:00:00 PM

Valid to:
12/20/2017 6:00:00 AM

Subject:
CN=Zemana Ltd., O=Zemana Ltd., L=Edirne, C=TR

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0210230FD364B469091B8A4440145E18

File PE Metadata
Compilation timestamp:
1/23/2015 9:55:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
98304:eDKdsygk6evPkYkR62Ef4A2WhHupcCvaHnav2FnkxqSGgavdEdV:VgXwavoFk8SOq

Entry address:
0x2C2C

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, AC, 10, A3, 00, A1, 9F, 10, A3, 00, C1, E0, 02, A3, A3, 10, A3, 00, 52, 6A, 00, E8, C7, C9, 62, 00, 8B, D0, 89, 15, A7, 10, A3, 00, E8, AC, BC, 61, 00, 5A, E8, EE, B9, 61, 00, E8, 01, BE, 61, 00, 6A, 00, E8, E2, 82, 62, 00, 59, 68, 48, 10, A3, 00, 6A, 00, E8, 9B, C9, 62, 00, A3, A7, 10, A3, 00, 6A, 00, E9, 0D, 71, 62, 00, E9, 14, 83, 62, 00, 33, C0, A0, 91, 10, A3, 00, C3, A1, A7, 10, A3, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9...
 
[+]

Entropy:
6.7998

Code size:
6.2 MB (6,488,064 bytes)

Service
Display name:
ZAM Controller Service

Service name:
ZAMSvc

Type:
Win32OwnProcess


The file zam.exe has been seen being distributed by the following 2 URLs.

http://sharewareonsale.com/?download_file=2063463&order=wc_order_54c8b6796c9db&email=info@art-deco.com.gr&key=1263a20f7792b29640cab1cd25aa7101

http://dl9.zemanaltd.netdna-cdn.com/.../ZAMv2.1.1.621.exe

Scan zam.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.