zaxargamebrowser.exe

ZAXAR LTD

The application zaxargamebrowser.exe by ZAXAR has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from zxrmedia.com. While running, it connects to the Internet address mc.yandex.ru on port 80 using the HTTP protocol.
Publisher:
ZAXAR LTD  (signed and verified)

MD5:
4d53a34254cbc5723a5fb960fcd4a166

SHA-1:
9af6530f6f8de3fd3d14c5adc13788d1034037fe

SHA-256:
2f9bb15048e8703287853fbed4c163cddec688e8baed23a5a8eeb10dcd24f78f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 4:39:03 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ZAXAR.Q

Engine version:
14.8.27.12

File size:
2 MB (2,143,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\zaxar\zaxargamebrowser.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/18/2014 4:00:00 AM

Valid to:
11/9/2015 3:59:59 AM

Subject:
CN=ZAXAR LTD, OU=IT, O=ZAXAR LTD, L=Limassol, S=Limassol, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
58D9AA76EAED4710E22F835C6C71159E

File PE Metadata
Compilation timestamp:
9/3/2014 2:36:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:MrOEQ0D84uVv/lm+sPHtwWZzyFpTs//7RYuNhfYGkJvLfyYx+6YV+Fj:MrjQS8Rv/lmNPHtw46T56rV+Fj

Entry address:
0x72B79

Entry point:
E8, 85, 04, 00, 00, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, C8, 34, 5D, 00, 89, 0D, C4, 34, 5D, 00, 89, 15, C0, 34, 5D, 00, 89, 1D, BC, 34, 5D, 00, 89, 35, B8, 34, 5D, 00, 89, 3D, B4, 34, 5D, 00, 66, 8C, 15, E0, 34, 5D, 00, 66, 8C, 0D, D4, 34, 5D, 00, 66, 8C, 1D, B0, 34, 5D, 00, 66, 8C, 05, AC, 34, 5D, 00, 66, 8C, 25, A8, 34, 5D, 00, 66, 8C, 2D, A4, 34, 5D, 00, 9C, 8F, 05, D8, 34, 5D, 00, 8B, 45, 00, A3, CC, 34, 5D, 00, 8B, 45, 04, A3, D0, 34, 5D, 00, 8D, 45, 08, A3, DC, 34, 5D...

Code size:
540 KB (552,960 bytes)

The file zaxargamebrowser.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to cache.google.com  (94.20.252.50:443)

TCP (HTTP):
Connects to pppoe-95.189.101.185.chittel.su  (95.189.102.185:80)

TCP (HTTP SSL):
Connects to pppoe-95.189.101.173.chittel.su  (95.189.102.173:443)

TCP (HTTP):
Connects to pppoe-95.189.101.158.chittel.su  (95.189.102.158:80)

TCP (HTTP SSL):
Connects to pppoe-95.189.101.155.chittel.su  (95.189.102.155:443)

TCP (HTTP SSL):
Connects to pppoe-95.189.101.147.chittel.su  (95.189.102.147:443)

TCP (HTTP):
Connects to mc.yandex.ru  (87.250.250.119:80)
