zengaming setup.exe

meridionali

Luna Kayla

The executable zengaming setup.exe has been detected as malware by 25 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from copy.com.
Publisher:
Luna Kayla

Product:
meridionali

Version:
2.3236.22.1

MD5:
b85a2b593eeb5e9312e5d6ff95790a76

SHA-1:
c2d2f83bf7e07742132cd53313d5bd1704e85295

SHA-256:
e97a781c67f33e8bc22251d2fc0779b468ec25b685dfadd988041ebe9af3594e

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
12/28/2024 5:48:12 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.180603
189

AegisLab AV Signature
Troj.W32.Gen
2.1.4+

AhnLab V3 Security
Trojan/Win32.MSIL
2016.02.06

Avira AntiVirus
TR/Dropper.MSIL.253898
8.3.2.4

Arcabit
Trojan.Zusy.D2C17B
1.0.0.653

AVG
MSIL9
2017.0.2667

Bitdefender
Gen:Variant.Zusy.180603
1.0.20.1060

Emsisoft Anti-Malware
Gen:Variant.Zusy.180603
8.16.07.30.01

ESET NOD32
MSIL/Injector.NWB (variant)
10.12983

Fortinet FortiGate
MSIL/Kryptik.FBG!tr
7/30/2016

F-Secure
Gen:Variant.Zusy.180603
11.2016-30-07_7

G Data
Gen:Variant.Zusy.180603
16.7.25

IKARUS anti.virus
Evilware.Outbreak
t3scan.2.0.6.0

K7 AntiVirus
Trojan
13.213.18657

Kaspersky
Trojan.MSIL.Agent
14.0.0.-170

Malwarebytes
Spyware.KeyBase
v2016.07.30.01

McAfee
Trojan-FHTM!B85A2B593EEB
5600.6323

Microsoft Security Essentials
VirTool:MSIL/Injector.IP
1.1.12400.0

MicroWorld eScan
Gen:Variant.Zusy.180603
17.0.0.636

NANO AntiVirus
Trojan.Win32.NWB.eaawaj
1.0.14.5798

Panda Antivirus
Trj/CI.A
16.07.30.01

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1120

Sophos
Mal/MSIL-QM
4.98

Trend Micro
TROJ_GEN.R011C0RB416
10.465.30

VIPRE Antivirus
Trojan.Win32.Generic
46992

File size:
462 KB (473,088 bytes)

Product version:
2.3236.22.1

Copyright:
Copyright © 2016

Original file name:
meridionali.exe

File type:
Executable application (Win32 EXE)

Language:
Swedish (Sweden)

Common path:
C:\users\{user}\downloads\zengaming setup.exe

File PE Metadata
Compilation timestamp:
2/1/2016 1:25:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:y03nKhH3H/L6Onr1sJk6CZ+YXl27Xo2oA+fdBq525aRhKh35MNKWn4/TSLa:y0X6PL689gYXlQo2oAZVhe36Qi4

Entry address:
0x5EFBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 09, 00, 01, 00, 00, 00, 58, 00, 00, 80, 02, 00, 00, 00, 68, 01, 00, 80, 03, 00, 00, 00, 88, 01, 00, 80, 05, 00, 00, 00, A0, 01, 00, 80, 06, 00, 00, 00, D0, 01, 00, 80, 0C, 00, 00, 00, 50, 02...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
372 KB (380,928 bytes)

The file zengaming setup.exe has been seen being distributed by the following URL.

Remove zengaming setup.exe - Powered by Reason Core Security