zTscoder.exe

  • File Path: C:\Program Files (x86)\Zoom\bin\zTscoder.exe
  • Description: Zoom
  • Comments: Zoom

Screenshot

zTscoder.exe

Hashes

Type Hash
MD5 685CB56B9EEE21EE835A68392709D89B
SHA1 3B4699F5B40D31B86AD5DDD7FE3D25E5854C4DE8
SHA256 DD63A15CFF2CE34DC513C01E1E75F681CB6DDF8C1EC26074F31CA73098D3EBC2
SHA384 B7AF27C443909DA77483F7630DB4C2832E391A1BB18B342CAB15E5B9C60400D64FBB6781750757A9EF6C27C9D0D83680
SHA512 A53286C6181E90A486EC78B9ABD1C3ACBBB54C56FC068C7DE926EA66C6C0372D85B4945B810F3A324694B9C8B4BD047C4C788E50F4C24CA622558FE8FB56565F
SSDEEP 3072:mAsdFnRAtLNB/1j4O9KU7csmlp3vKpRBQ5qO:8ivlKU7cvCpRBwqO
IMP AE9E2550E0B8C30676C176ABCDB196AF
PESHA1 6D2672E5055475334E3AB9EBD5C7A7923977EF7D
PE256 347FB133A6ECD63EAE4911D6DEA4D32C24E13FB74B547CA5C9154C2029A403D4

Runtime Data

Window Title:

Zoom - Converting the meeting recording

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\crypt32.dll.mui File
(RW-) C:\Users\user\AppData\Roaming\Zoom\appsafecheck.txt File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_429cdbca8a8ffa94 File
(RW-) C:\xCyclopedia File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\BaseNamedObjects\0b50b923-140c-4e7a-a328-947d3cab1b56 Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme2547664911 Section
\Windows\Theme3854699184 Section

Loaded Modules:

Path
C:\Program Files (x86)\Zoom\bin\zTscoder.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 0510C6B2FF7AB71C786EF572239B1243
  • Thumbprint: 0F9ADA46756C17EFFFD467D10654E2A766566CB3
  • Issuer: CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=”Zoom Video Communications, Inc.”, O=”Zoom Video Communications, Inc.”, L=San Jose, S=California, C=US, SERIALNUMBER=4969967, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

File Metadata

  • Original Filename: Zoom
  • Product Name: Zoom
  • Company Name: Zoom Video Communications, Inc.
  • File Version: 5,3,52670,0921
  • Product Version: 5,3,52670,0921
  • Language: English (United States)
  • Legal Copyright: Zoom Video Communications, Inc. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/dd63a15cff2ce34dc513c01e1e75f681cb6ddf8c1ec26074f31ca73098d3ebc2/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Zoom\bin\Zoom.exe 40
C:\Program Files (x86)\Zoom\bin\Zoom.exe 38
C:\program files (x86)\Zoom\bin\Zoom.exe 30
C:\Program Files (x86)\Zoom\bin\Zoom.exe 35
C:\Program Files (x86)\Zoom\bin\ZoomDocConverter.exe 38
C:\Program Files (x86)\Zoom\bin\ZoomDocConverter.exe 38
C:\program files (x86)\Zoom\bin\ZoomDocConverter.exe 46
C:\Program Files (x86)\Zoom\bin\ZoomDocConverter.exe 40
C:\Program Files (x86)\Zoom\bin\zTscoder.exe 38
C:\program files (x86)\Zoom\bin\zTscoder.exe 43
C:\Program Files (x86)\Zoom\bin\zTscoder.exe 38

MIT License. Copyright (c) 2020-2021 Strontic.