zentimo.exe

Zentimo

Crystal Rich Ltd

The executable zentimo.exe, “Zentimo - An External Drive Manager”, has been detected as malware by 5 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘Zentimo xStorage Manager’.

Publisher:
Crystal Rich Ltd  (signed and verified)

Product:
Zentimo

Description:
Zentimo - An External Drive Manager

Version:
1.7.1.1224

MD5:
eff37122b77cfe314a42043b58eeb64a

SHA-1:
586899cfea03fafc1f71e597cb4bc88f0090e51b

SHA-256:
c32ef97557bf655b6433bb5ebb207821afead595097433c211b61f78ee056af0

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/15/2024 5:54:33 PM UTC

Scan engine    Detection               Engine version
avast!         Win32:Pioneer-C         160822-1
AVG            Win32/Floxif.A          2013.0.4447
ESET NOD32     Win32/Floxif.H virus    6.3
F-Prot         W32/Floxif.B            4.6.5.141
F-Secure       Win32.Floxif.A          5.15.96

File size:
2.5 MB (2,671,511 bytes)

Product version:
1.7.1.1224

Copyright:
Copyright © 2013 by Crystal Rich Ltd

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\zentimo\zentimo.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/16/2012 6:00:00 AM

Valid to:
1/16/2014 5:59:59 AM

Subject:
CN=Crystal Rich Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Crystal Rich Ltd, L=Saint Petersburg, S=Saint Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1A3971F7D5A04EBA878183D0A57E1EC1

File PE Metadata
Compilation timestamp:
12/29/2012 3:02:53 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:0CEUXCgYPA4VxFmmNegCNrRm6SPORsKM9piLndsLFtxTR+Y8Vpn:0C1XGrrFmmNARwPQfdsLFtxdK

Entry address:
0x1000

Entry point:
E9, 4C, 4B, 05, 00, E8, 01, 00, 00, 00, C3, C3, EC, 8A, B2, AD, 81, A0, 05, F1, E7, 17, 76, E8, 65, AB, 0B, 61, FC, F8, 1C, B6, BE, BA, 5C, D5, F2, 8C, 8E, A6, FB, 8E, CD, 13, C5, 18, 20, 07, 1E, F8, 19, ED, 6C, 8D, AD, 2E, 8F, A5, B5, 6D, B1, 7D, 4A, 5F, 1F, 54, 6C, 56, D9, 84, 8B, 70, 18, BF, B2, 55, A4, 04, 04, B4, 8B, 28, F5, F1, 02, D0, 94, C7, E3, 4C, 69, 43, 37, 35, 29, 2B, CF, BB, 56, 3C, 16, 52, E6, 91, 81, 9B, 6D, 84, D0, A6, FD, D6, 98, 31, 3F, 3A, 5C, 5C, E6, 35, C1, 94, E9, 9F, D6, A7, 96, 4E...
 

Entropy:
7.6314

Packer / compiler:
Xtreme-Protector v1.05

Code size:
4.2 MB (4,358,144 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Zentimo xStorage Manager

Command:
C:\Program Files\zentimo\zentimo.exe \startup

