zpdl_latest.exe

Inmatrix LTD

The application zpdl_latest.exe, “Zoom Player Downloader”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. While running, it connects to the Internet address affordablelocksmiths.com on port 80 using the HTTP protocol.
Publisher:
Inmatrix LTD

Description:
Zoom Player Downloader

Version:
8.6.1.0

MD5:
3fe8c43372d936f0cb72e660310f4f9d

SHA-1:
a567b3c4e09ac1c1ff36d248538f04b1f5f0925e

SHA-256:
86c1d3fefca478bde7947fef43fedc3b6666f4f684cb530555443c0ba45788d7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 2:46:59 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Inmatrix

Engine version:
17.2.21.13

File size:
1011.1 KB (1,035,375 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\zoom player\cache\zpdl_latest.exe

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x89778

Entry point:
E9, F5, E1, F7, FF, F0, B8, D0, 94, 48, 00, E8, 20, D3, F7, FF, A1, A4, EC, 48, 00, 8B, 00, E8, 2C, 2D, FE, FF, A1, A4, EC, 48, 00, 8B, 00, BA, F0, 97, 48, 00, E8, 03, 29, FE, FF, 8B, 0D, 30, EB, 48, 00, A1, A4, EC, 48, 00, 8B, 00, 8B, 15, A4, 68, 48, 00, E8, 1B, 2D, FE, FF, 8B, 0D, F4, EA, 48, 00, A1, A4, EC, 48, 00, 8B, 00, 8B, 15, 18, 65, 48, 00, E8, 03, 2D, FE, FF, A1, A4, EC, 48, 00, 8B, 00, E8, 77, 2D, FE, FF, E8, EE, AC, F7, FF, 00, 00, FF, FF, FF, FF, 16, 00, 00, 00, 5A, 6F, 6F, 6D, 20, 50, 6C, 61...
 
Entropy:
7.3065

Packer / compiler:
Xtreme-Protector v1.05

Code size:
546.5 KB (559,616 bytes)

The running file has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to affordablelocksmiths.com (206.217.192.234:80)
