zetaviewer.exe

ZetaGamesViewer

Underberry lp

The application zetaviewer.exe by Underberry lp has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ZetaGamesViewer’.
Publisher:
Underberry lp  (signed and verified)

Product:
ZetaGamesViewer

Description:
ZetaGames

Version:
4.1.0

MD5:
a9c84746d6b837238df1b205c2c29ba5

SHA-1:
08b9b7bdd2bcb4be8ea1fd501f5b763c167712a9

SHA-256:
7a0189ba0a16d96d26babba0a9485487364b6782734c27ce78fc6a5e8b13d502

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 2:32:56 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.ZetaGames (M)

Engine version:
17.2.9.6

File size:
1.6 MB (1,627,296 bytes)

Product version:
4.1.0

Copyright:
Copyright © 2016, Underberry lp

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\zetagamesviewer\zetaviewer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/6/2015 4:00:00 AM

Valid to:
5/6/2016 3:59:59 AM

Subject:
CN=Underberry lp, OU=dev, O=Underberry lp, STREET=84 Park Road, L=Rosyth, S=Outside United States, PostalCode=KY112JL, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
751C1D13BC1F1059A755363291D2CBD3

File PE Metadata
Compilation timestamp:
4/13/2016 12:45:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x55CE

Entry point:
FE, FF, FF, 8B, D6, E8, EC, DB, FF, FF, 8B, 85, D0, FE, FF, FF, BA, 30, 56, 40, 00, E8, 70, DD, FF, FF, 75, 04, 33, C0, EB, 02, B0, 01, 88, 45, FB, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 18, 56, 40, 00, 8D, 85, D0, FE, FF, FF, BA, 08, 00, 00, 00, E8, A8, DA, FF, FF, C3, E9, 1A, D5, FF, FF, EB, E8, 8A, 45, FB, 5F, 5E, 5B, 8B, E5, 5D, C2, 04, 00, 01, 2E, 00, 00, FF, FF, FF, FF, 02, 00, 00, 00, 2E, 2E, 00, 00, 55, 8B, EC, 53, 57, 89, C3, 60, E8, 97, FC, FF, FF, E8, 26, EF, FF, FF, 89, 43, 18, 61, 60, 8D, 43, 1C...
 

Code size:
1.1 MB (1,138,176 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ZetaGamesViewer

Command:
C:\users\{user}\appdata\local\zetagamesviewer\zetaviewer.exe --show-hidden

