zooface.exe

Sivi Technology Limited

The application zooface.exe by Sivi Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Protect Service(ZoofaceP)”.
Publisher:
Sivi Technology Limited  (signed and verified)

MD5:
51532cd4633ad1a414484c0f413720b6

SHA-1:
428c6912f7e73a78a3cde146e5782729c4591def

SHA-256:
7b8bee9ebc1d0570f3f2fbb703d33543845bfbd7415c5d070b16f28208dc24f1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 10:14:06 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex (M)
16.7.15.11

File size:
416.9 KB (426,896 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\zooface\zooface.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/4/2016 3:53:15 AM

Valid to:
3/1/2017 8:56:03 AM

Subject:
CN=Sivi Technology Limited, O=Sivi Technology Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G3, O=GlobalSign nv-sa, C=BE

Serial number:
0C64B008825954802956B674

File PE Metadata
Compilation timestamp:
7/4/2016 9:46:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:kczhtHQxITgQ70N5asviZm8nPKKuUaXLA+s6JVd/QuBNWK5KS972dV:phtHQxITgQYKsvoAUcxJ0uHxV23

Entry address:
0x2DD71

Entry point:
D5, DF, 3A, 00, 00, D4, BD, C3, C2, C2, C2, 18, 79, DE, 79, 00, B6, 70, C9, 59, B4, 30, 00, 00, 00, 00, 64, 62, 62, 63, 66, B6, D8, 60, 6C, CF, FE, 6D, 59, C2, 08, 00, 00, 00, 00, B0, 79, 19, 31, 16, 59, 19, 31, 6E, 6B, 6A, B4, 15, B6, D5, 9C, 81, 1C, 7B, 00, 0E, F8, 6D, C2, 48, C1, FA, 78, C1, C2, C2, C2, C2, B0, 78, C9, 59, 9E, 00, 00, 00, 00, CF, FE, 6D, 59, C2, 08, 00, 00, 00, 00, B0, 79, 19, 31, 16, 59, 19, 31, 6E, 6B, 6A, B4, 15, B6, D5, 9C, 81, 1C, 7B, 00, 0E, F8, 6D, B4, 58, CD, C2, 48, C1, FA, 78...
 
[+]

Code size:
307 KB (314,368 bytes)

Service
Display name:
Protect Service(ZoofaceP)

Service name:
ZoofaceP

Description:
To ensure your Zooface software integrity. If this service is disabled or stopped, your Zooface software will not be kept integrity check. This service uninstalls itself when there is no Zooface softw

Type:
Win32OwnProcess

Depends on:
RpcSs


Remove zooface.exe - Powered by Reason Core Security