zplayer.exe

Inmatrix LTD

The executable zplayer.exe has been detected as malware by 3 anti-virus scanners. While running, it connects to the Internet address inmatrix.com on port 80 using the HTTP protocol.
Publisher:
Inmatrix LTD

Description:
Zoom Player

Version:
7.0.0.0

MD5:
056e521de96312a5c65a36548289286e

SHA-1:
7386ed610d4d975d89e9beed74e85992cd7d4017

SHA-256:
5cefda09f1a09e96cedff8c293105f629a4d8fd0b3c46176e080a896dccc9b3b

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/25/2024 2:47:08 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Suspicious
7.1.1

Bkav FE
HW32.CDB
1.3.0.4613

Reason Heuristics
Unnamed.Threat.11
14.2.27.8

File size:
1.2 MB (1,249,280 bytes)

Product version:
7.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\zoom player\zplayer.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:FqAdq6YAE55Ker4DMEyFRqBLcH6hEdivjQ93gcXjtlj+eJYRCn:/s60PKer4YfFI5cahCi7QFgWZoEYG

Entry address:
0x1000

Entry point:
B8, 7C, A8, 9A, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 13, 5F, AC, 93, F6, DA, 0E, 4A, 3E, 62, 1D, 64, 84, 49, D6, 3D, 84, 1C, FD, 55, DD, 42, C4, E3, B2, 91, 8B, 9E, 78, 5F, B1, 83, 5D, 46, 47, 07, 34, 2B, E1, 1C, 20, 91, 34, D9, A1, 4A, 0E, DF, A7, 94, 7A, 8C, AF, 2B, EC, F4, D2, 94, 42, 46, C8, 33, 22, B6, 36, C3, 5C, 1E, 42, 52, 39, EB, 12, 50, 8F, 7A, 33, 46, 4B, 1D, 3E, 9C, A6, 1D, D7, 84, A0, 63, E2, 02, C0, EC, 25...
 
[+]

Entropy:
7.9807  (probably packed)

Code size:
2.8 MB (2,932,736 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to inmatrix.com  (69.56.182.222:80)

Remove zplayer.exe - Powered by Reason Core Security