home

zt_s2_pl.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.bytesendclear.com and multiple other hosts.
MD5:
4e37a3fc1a553aa125d27be49026d083

SHA-1:
59c9e7541e0f790b7d16dc6560c961588e47a435

SHA-256:
253f031f201070e1eba899681514e9df8194e2e99092cab53c9a4ba25695f295

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/26/2024 12:49:40 AM UTC  (today)

File size:
4.9 MB (5,149,189 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
5/11/2014 10:03:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:TwN8RZNwr4rHv0/CmkorIwiF7Nwfb77kwjR0rE4pPsDYizl1ZccRvHA/Y7gYV+T6:TwN8RZNwErcQoNSk7kPAoPspTiqHA/+B

Entry address:
0x82720

Entry point:
60, BE, 00, E0, 47, 00, 8D, BE, 00, 30, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
20 KB (20,480 bytes)

The file zt_s2_pl.exe has been seen being distributed by the following 5 URLs.

http://www.bytesendclear.com/cIAKRtNh_0xI4pXYA8hOxlFg654pDrJcInXEgHMB7kZP0uXQ4_WPCGB2qxoQwZ qfSQ0FgJxurmykkby1rvE37sWLlcCv ayUn9XyuGwtVeN2aGq2jKM4hgtVGe8rFGOb8v0K0IzVuI2iUq HJdjR9qQJL4YZ5lRffHKLkiv 9JUyduiAc j0c38Nn09VmeDwCHUGLzOEqVe cEcp1HlsEizi W3ysLQ mCKEAI2eSgVxpqA9h05pLZOpiTPq6w7P6yRHPvHABM1JjZYi aE2ThtpiC Ls3xuYHnNLQac576EEqpC6Xv8nGznZ EJXNNgH1aJgPG0J_h9kX79vGSV8z9LGRGyf8iAngrFV2kno6mCG96MyrDmV7h1KmgC64wEPfi2MdOuoalymhpz4FqCum_fPQ955l2owQWALix555ladjTB1jH7z9crSWy A ncm5ECQMW9WNNyq5wHa14 Mo2JW IINtF4gAIzMypnAi1SV2Cofmjf6NRAbG6wgxBoc_hHFi3l80bRSIqZl0pqmkNpYBbEfQ2DYnUH92YJnfDYOse5Xymw iYRjKl5st709M8KSra-G24AAGRwXkxjyDfyeAMmcuDQ0gROoG8K20DemKKA7kC4LjuTczfIpdk_uI7I3j83W_79ewaGivGamPjV3DG7UzsqWlWzcejmxlBM5pgmAR9UrwI=-E

http://gamefiles.pl/files/.../ZT_S2_PL.exe

http://grajpopolsku.pl/?wpdmdl=841

http://grajpopolsku.pl/dwn/rom/.../ZT_S2_PL.exe

http://grajpopolsku.pl/downloads.php?cat_id=1&file_id=378

Scan zt_s2_pl.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.