» zengaming setup.exe
Overview
Analysis
File Details
Downloads (1)

zengaming setup.exe

meridionali

Luna Kayla

The executable zengaming setup.exe has been detected as malware by 25 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from copy.com.

File name:

zengaming setup.exe

Publisher:

Luna Kayla

Product:

meridionali

Version:

2.3236.22.1

MD5:

b85a2b593eeb5e9312e5d6ff95790a76

SHA-1:

c2d2f83bf7e07742132cd53313d5bd1704e85295

SHA-256:

e97a781c67f33e8bc22251d2fc0779b468ec25b685dfadd988041ebe9af3594e

Scanner detections:

25 / 68

Status:

Malware

Analysis date:

11/26/2024 11:38:35 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zusy.180603

189

AegisLab AV Signature

Troj.W32.Gen

2.1.4+

AhnLab V3 Security

Trojan/Win32.MSIL

2016.02.06

Avira AntiVirus

TR/Dropper.MSIL.253898

8.3.2.4

Arcabit

Trojan.Zusy.D2C17B

1.0.0.653

AVG

MSIL9

2017.0.2667

Bitdefender

Gen:Variant.Zusy.180603

1.0.20.1060

Emsisoft Anti-Malware

Gen:Variant.Zusy.180603

8.16.07.30.01

ESET NOD32

MSIL/Injector.NWB (variant)

10.12983

Fortinet FortiGate

MSIL/Kryptik.FBG!tr

7/30/2016

F-Secure

Gen:Variant.Zusy.180603

11.2016-30-07_7

G Data

Gen:Variant.Zusy.180603

16.7.25

IKARUS anti.virus

Evilware.Outbreak

t3scan.2.0.6.0

K7 AntiVirus

Trojan

13.213.18657

Kaspersky

Trojan.MSIL.Agent

14.0.0.-170

Malwarebytes

Spyware.KeyBase

v2016.07.30.01

McAfee

Trojan-FHTM!B85A2B593EEB

5600.6323

Microsoft Security Essentials

VirTool:MSIL/Injector.IP

1.1.12400.0

MicroWorld eScan

Gen:Variant.Zusy.180603

17.0.0.636

NANO AntiVirus

Trojan.Win32.NWB.eaawaj

1.0.14.5798

Panda Antivirus

Trj/CI.A

16.07.30.01

Qihoo 360 Security

HEUR/QVM03.0.Malware.Gen

1.0.0.1120

Sophos

Mal/MSIL-QM

4.98

Trend Micro

TROJ_GEN.R011C0RB416

10.465.30

VIPRE Antivirus

Trojan.Win32.Generic

46992

File size:

462 KB (473,088 bytes)

Product version:

2.3236.22.1

Original file name:

meridionali.exe

File type:

Executable application (Win32 EXE)

Language:

Swedish (Sweden)

Common path:

C:\users\{user}\downloads\zengaming setup.exe

File PE Metadata

Compilation timestamp:

2/1/2016 1:25:57 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:y03nKhH3H/L6Onr1sJk6CZ+YXl27Xo2oA+fdBq525aRhKh35MNKWn4/TSLa:y0X6PL689gYXlQo2oAZVhe36Qi4

Entry address:

0x5EFBE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 09, 00, 01, 00, 00, 00, 58, 00, 00, 80, 02, 00, 00, 00, 68, 01, 00, 80, 03, 00, 00, 00, 88, 01, 00, 80, 05, 00, 00, 00, A0, 01, 00, 80, 06, 00, 00, 00, D0, 01, 00, 80, 0C, 00, 00, 00, 50, 02... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

372 KB (380,928 bytes)

The file zengaming setup.exe has been seen being distributed by the following URL.

https://copy.com/.../Zengaming Setup.exe

Remove zengaming setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.