Advice Request Is "zlunwise.exe" a Windows process ?

Please provide comments and solutions that are helpful to the author of this topic.

silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,176
JB007 said:
Hello,
I'm wondering if "zlunwise" is safe and a normal Windows 10 process ?
VT link : VirusTotal
Click to expand...
You may uploading to Kaspersky Threat Intelligence Portal

I found your file hash on AnyRun:
app.any.run

Analysis 93cdff364604debf54228a942ade70a2678520a5d912d4ba2b1fdea1f458f584.exe (MD5: AC2BF0BAE2CD5C57E085A25FF56A3BBD) Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.
app.any.run app.any.run
 
  • Like
  • Thanks
Reactions: harlan4096, Shadowra, JB007 and 1 other person
JB007

JB007

Level 26
Thread author
Verified
Top Poster
Well-known
May 19, 2016
1,574
SecureKongo said:
Which antivirus do you have installed on that system?
Click to expand...

silversurfer said:
You may uploading to Kaspersky Threat Intelligence Portal

I found your file hash on AnyRun:
app.any.run

Analysis 93cdff364604debf54228a942ade70a2678520a5d912d4ba2b1fdea1f458f584.exe (MD5: AC2BF0BAE2CD5C57E085A25FF56A3BBD) Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.
app.any.run app.any.run
Click to expand...

SecureKongo said:
It should be part of ZoneAlarm. So if you are using a ZoneAlarm product, then you have nothing to worry about.
Click to expand...
Thanks @SecureKongo and @silversurfer for your answers.
I'll upload the file to KTIP.
Currently I'm using ESET SSP since the end of march (previously KSC) but I remember to have installed ZoneAlarm on this PC 1 or 2 years ago...
 
  • Like
Reactions: [correlate], roger_m, SeriousHoax and 3 others
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,176
This file seems to be something like "uninstaller" software from Wise, that's shown on AnyRun... but might be related to ZoneAlarm as mentioned by @SecureKongo

new.png

app.any.run

Analysis 93cdff364604debf54228a942ade70a2678520a5d912d4ba2b1fdea1f458f584.exe (MD5: AC2BF0BAE2CD5C57E085A25FF56A3BBD) Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.
app.any.run app.any.run
 
  • Like
  • Thanks
Reactions: [correlate], SeriousHoax, Sunshine-boy and 4 others
JB007

JB007

Level 26
Thread author
Verified
Top Poster
Well-known
May 19, 2016
1,574
silversurfer said:
This file seems to be something like "uninstaller" software from Wise, that's shown on AnyRun... but might be related to ZoneAlarm as mentioned by @SecureKongo

app.any.run

Analysis 93cdff364604debf54228a942ade70a2678520a5d912d4ba2b1fdea1f458f584.exe (MD5: AC2BF0BAE2CD5C57E085A25FF56A3BBD) Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.
app.any.run app.any.run
Click to expand...
WiseVector ?
Also tested on this PC.
 
  • Like
Reactions: [correlate], Kongo and silversurfer
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,176
  • Like
  • Thanks
  • +Reputation
Reactions: [correlate], harlan4096, Kongo and 1 other person
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,176
Your file also uploaded to Hybrid Analysis, marked as "whitelisted, based on MD5" so this file hash was known there:

Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'zlunwise.exe'

Submit malware for free analysis with Falcon Sandbox and Hybrid Analysis technology. Hybrid Analysis develops and licenses analysis tools to fight malware.
www.hybrid-analysis.com www.hybrid-analysis.com

EDIT: But a new file analysis 64-bit, looks different and marked red as "ambiguous"

Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for '93cdff364604debf54228a942ade70a2678520a5d912d4ba2b1fdea1f458f584.exe'

Submit malware for free analysis with Falcon Sandbox and Hybrid Analysis technology. Hybrid Analysis develops and licenses analysis tools to fight malware.
www.hybrid-analysis.com www.hybrid-analysis.com
 
Last edited:
  • Like
  • Thanks
Reactions: [correlate], JB007 and harlan4096
JB007

JB007

Level 26
Thread author
Verified
Top Poster
Well-known
May 19, 2016
1,574
Last edited:
  • Like
  • Applause
Reactions: [correlate], SeriousHoax and silversurfer
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,593
Not an answer to the question, but maybe it's time to check your system for leftovers from other antivirus software:
Optimal removal for me is now:
1) Use the av's own uninstaller (Programs and Features).
2) Use the Antivirus Removal Tool to scan for leftovers and optionally run the included av's official specialized uninstaller.
antivirus-removal-tool.com

Antivirus Removal Tool - The technician friendly tool to detect and completely remove antivirus software.

Antivirus Removal Tool (freeware) is a portable program to detect and completely remove antivirus software. It will help you to identify current and past installations, and it will provide you with the official specialized uninstallers.
antivirus-removal-tool.com antivirus-removal-tool.com
3) Use the Farbar Recovery Scan Tool to clean registered security programs.
www.bleepingcomputer.com

Download Farbar Recovery Scan Tool

Farbar Recovery Scan Tool, or FRST, is a portable application designed to run on Windows XP, Windows Vista, Windows 7, Windows 8, and Windows 10 in normal or safe mode to diagnose malware issues.
www.bleepingcomputer.com www.bleepingcomputer.com
4) Use the Registrar Registry Manager to clean the registry

Resplendence Software - Registrar Registry Manager Home Edition

Advanced Registry Manager for Windows
www.resplendence.com
Click to expand...
From this thread:
malwaretips.com

Troubleshoot - Not a real problem, but I think it is weird none the less?

Not even sure if I should post this here in this forum, but here it goes. Okay, over a month ago I uninstalled KSC Free because I wanted to try Ziggo Safe online from F-Secure. (And I like Ziggo Safe Online so far.) Now today I used a program called HiBit System Information so that I would have...
malwaretips.com malwaretips.com
EDIT: added links to the mentioned software.
 
Last edited:
  • Like
  • +Reputation
  • Thanks
Reactions: plat, [correlate], roger_m and 6 others
JB007

JB007

Level 26
Thread author
Verified
Top Poster
Well-known
May 19, 2016
1,574
Gandalf_The_Grey said:
Not an answer to the question, but maybe it's time to check your system for leftovers from other antivirus software:

From this thread:
malwaretips.com

Troubleshoot - Not a real problem, but I think it is weird none the less?

Not even sure if I should post this here in this forum, but here it goes. Okay, over a month ago I uninstalled KSC Free because I wanted to try Ziggo Safe online from F-Secure. (And I like Ziggo Safe Online so far.) Now today I used a program called HiBit System Information so that I would have...
malwaretips.com malwaretips.com
Click to expand...
Thanks @Gandalf_The_Grey
I will take a look at this ASAP.
 
  • Like
Reactions: [correlate], Kongo and Gandalf_The_Grey
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,130
Last edited:
  • Thanks
  • Like
Reactions: JB007 and [correlate]
JB007

JB007

Level 26
Thread author
Verified
Top Poster
Well-known
May 19, 2016
1,574
Andy Ful said:
@JB007

Do you also have zatutor.exe, zonestub.exe, and zclient.exe?
What is the location of zlunwise.exe? Is it a part of some installation?

See also:

Risk analysis for ZLUNWISE.EXE MD5:ac2bf0bae2cd5c57e085a25ff56a3bbd - Threat analysis: Low risk | Agics Security

Agics Filethreatrank geeft gratis malware informatie over bestanden op uw pc.
www.agicssecurity.com www.agicssecurity.com

The file hash is present on the nsrl list.
Click to expand...
Thanks @Andy Ful for your interest.
The file is not located in any folder; only in C:\zlunwise.exe ; no I did not find "zatutor.exe, zonestub.exe, and zclient.exe".
Is the presence on tyhe NSRL list mening that this file should be malicious ?
 
Last edited:
  • Like
Reactions: Andy Ful

Similar threads

simmerskool
AI Assist process explorer VT "access is denied"
Replies
3
Views
198
AI-Powered Dedicated Forum
Bot
Bot
Xeno1234
  • Locked
Tried to check power consumption of my PC but it might be malware.
Replies
3
Views
309
Windows Malware Removal Help & Support
nasdaq
nasdaq
M
Could I possibly solicit a more experience pair of eyes??
Replies
1
Views
163
Malware Analysis
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top