zaxargames.exe

Zaxar Ltd

The application zaxargames.exe by Zaxar has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application, and it is typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from zaxargames.com and multiple other hosts.

Publisher:
Zaxar Ltd  (signed and verified)

MD5:
1cc70f8fd134bf7f556fca762a0a8ee7

SHA-1:
c6172110f54499e520e07e7411ab4aba53dbb953

SHA-256:
fae742b522661b12f6f1330d2e67d8ce663a42dbb2e0ba683fa9c0201570e88c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/15/2024 3:40:55 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Zaxar.K

Engine version:
14.4.13.22

File size:
319.3 KB (326,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\zaxargames.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/16/2013 4:00:00 AM

Valid to:
10/11/2013 3:59:59 AM

Subject:
CN=Zaxar Ltd, OU=it, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Zaxar Ltd, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
144029F97E1EFC577CF73EC8D814C85C

File PE Metadata
Compilation timestamp:
7/9/2013 3:01:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:6mxWdHqOmyrvrZ88edmGGGXEqcjle+h+2QoL:6mx7OmyrF8pUGGGXELReQ

Entry address:
0xE133

Entry point:
E8, 43, 7A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 44, 26, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 8C, 21, 42, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 08, 95, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 0C...

Code size:
129.5 KB (132,608 bytes)

The file zaxargames.exe has been seen being distributed by the following 5 URLs.
