ZaxarLoader.exe

Zaxar Game Browser

ZAXAR LTD

The application ZaxarLoader.exe by ZAXAR has been detected as adware by 8 anti-malware scanners. It is a setup program used to install the application. It is configured to execute automatically whenever a user logs into Windows (through a Run registry key) under the name ‘ZaxarLoader’. The file has been seen being downloaded from zxrmedia.com.
Publisher:
ZAXAR LTD (signed and verified)

Product:
Zaxar Game Browser

Description:
Zaxar loader

Version:
4.0.0.2

MD5:
61032381f8fb14cac5f9da88651b45be

SHA-1:
d5ad958d3d996d800f580f09d38da9ace3ca9875

SHA-256:
b4e2087cff5e54b650ad767a417ab4623204e9636ab947f8b0e0e8eb3ad199f7

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
11/15/2024 3:25:38 AM UTC

Scan engine               Detection                      Engine version
AVG                       Generic                        2016.0.3219
Dr.Web                    Adware.Zaxar.11                9.0.1.025
ESET NOD32                Win32/ZaxarGames (variant)     9.11067
Fortinet FortiGate        Riskware/ZaxarGames            1/25/2015
G Data                    Win32.Application.Zaxar        15.1.24
McAfee                    Artemis!61032381F8FB           5600.6875
Reason Heuristics         PUP.Startup.ZAXAR              15.1.25.5
Trend Micro House Call    Suspicious_GEN.F47V0117        7.2.25

File size:
277.2 KB (283,896 bytes)

Product version:
4.0.0.2

Copyright:
Copyright (C) 2014

Original file name:
ZaxarLoader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\zaxar\zaxarloader.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/18/2014 3:00:00 AM

Valid to:
11/9/2015 1:59:59 AM

Subject:
CN=ZAXAR LTD, OU=IT, O=ZAXAR LTD, L=Limassol, S=Limassol, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
37A90A8AF1DD4C6B68CD54DDB8C6D37D

File PE Metadata
Compilation timestamp:
1/16/2015 5:49:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:As3c/UW2aV9Zpk/UB4Wl/Zwms0SY+5VAle+h+2BIE:B3c/UIvZK/Url/Wms0SYje0X

Entry address:
0xDE00

Entry point:
E8, 99, 9E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 97, EC, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 28, 87, 42, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, 01, 42, 00...

Code size:
124 KB (126,976 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ZaxarLoader

Command:
"C:\Program Files\zaxar\zaxarloader.exe" \verysilent
The file ZaxarLoader.exe has been seen being distributed by the following URL.