Should I block it?

No, this file is 100% safe to run.

Relationships

Child process

winamp.exe (Winamp by Nullsoft Inc.)

Related files

PE file structure

Show functions

Import table

advapi32.dll

CryptReleaseContext, CryptGenRandom, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegCloseKey, CryptAcquireContextA

comctl32.dll

ImageList_Create, ImageList_ReplaceIcon, ImageList_Draw, ImageList_GetIcon, CreatePropertySheetPageW, DestroyPropertySheetPage, ImageList_Destroy, ImageList_GetIconSize, _TrackMouseEvent

crypt32.dll

CryptEncryptMessage, CertFreeCertificateContext, CertCloseStore, CertFindCertificateInStore, CertNameToStrW, CertGetNameStringW, CertGetCertificateContextProperty, CertOpenSystemStoreW

gdi32.dll

CreateRectRgn, Escape, RectVisible, PtVisible, GetWindowExtEx, GetViewportExtEx, GetMapMode, GetBkColor, GetBitmapBits, SetBitmapBits, CreateDIBSection, SetDIBColorTable, GdiFlush, CreateRectRgnIndirect, Rectangle, RealizePalette, CreatePalette, CreatePen, GetViewportOrgEx, Polygon, GetTextColor, CreateCompatibleBitmap, GetPixel, SetPixel, CreateCompatibleDC, SelectObject, SetBkColor, BitBlt, SetTextColor, DeleteDC, GetStockObject, DPtoLP, GetDeviceCaps, CreateBitmap, CreateBrushIndirect, DeleteObject, GetWindowOrgEx, CombineRgn, SetBkMode, SetBitmapDimensionEx, GetBitmapDimensionEx, SetBoundsRect, SetPixelV, CreateSolidBrush, SetTextAlign, Ellipse, LPtoDP, CreateEllipticRgn, GetRgnBox, SelectPalette, CreatePatternBrush, ScaleWindowExtEx, SetWindowExtEx, SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, MoveToEx, LineTo, IntersectClipRect, ExcludeClipRect, SetMapMode, SetROP2, SetPolyFillMode, CreatePolygonRgn, FillRgn, OffsetRgn, SetRectRgn, SaveDC, GetClipBox, ExtSelectClipRgn, SetStretchBltMode, SetDIBitsToDevice, RestoreDC, GetDIBits, PatBlt

kernel32.dll

SetEndOfFile, GetCurrentThread, SetEnvironmentVariableA, GetDriveTypeA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetCurrentDirectoryA, LCMapStringA, GetStringTypeA, GetConsoleOutputCP, WriteConsoleA, InitializeCriticalSectionAndSpinCount, GetOEMCP, VirtualFree, HeapCreate, GetStartupInfoA, SetHandleCount, GetCommandLineW, GetModuleFileNameA, GetStdHandle, HeapSize, SetStdHandle, CreateThread, ExitThread, VirtualQuery, GetSystemInfo, VirtualAlloc, GetDateFormatA, GetTimeFormatA, GetFileType, PeekNamedPipe, GetConsoleMode, GetConsoleCP, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetModuleHandleA, CompareStringA, LocalAlloc, LocalLock, LocalUnlock, InterlockedExchange, SetThreadPriority, FreeResource, WaitForMultipleObjects, ResetEvent, QueryPerformanceFrequency, QueryPerformanceCounter, GetLocalTime, GetACP, GetOverlappedResult, GetProcessHeap, HeapAlloc, HeapFree, lstrlenA, IsBadReadPtr, TerminateThread, DeviceIoControl, Beep, LocalFree, MulDiv, GetTimeZoneInformation, FindClose, InterlockedDecrement, GetFileInformationByHandle, SetFilePointer, WriteFile, ReadFile, InterlockedIncrement, SetUnhandledExceptionFilter, GetCurrentProcessId, ExitProcess, SetEvent, ResumeThread, WritePrivateProfileStringA, GetPrivateProfileStringA, GetThreadLocale, SetThreadLocale, SetConsoleCtrlHandler, GlobalAlloc, GlobalFree, GlobalLock, HeapReAlloc, RtlUnwind, GlobalFlags, SetErrorMode, VirtualProtect, TlsFree, LocalReAlloc, TlsSetValue, GlobalUnlock, GetCurrentProcess, LoadLibraryA, FreeLibrary, RaiseException, SetLastError, GetFileSize, GetTickCount, GetCurrentThreadId, GetLastError, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, WaitForSingleObject, CloseHandle, Sleep, LoadResource, LockResource, SizeofResource, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, ConvertDefaultLocale, EnumResourceLanguagesW, GlobalDeleteAtom, GetVersionExA, GetFileTime, GetFileSizeEx, FileTimeToLocalFileTime, FileTimeToSystemTime, ReleaseMutex, DuplicateHandle, UnlockFile, LockFile, FlushFileBuffers, SuspendThread, lstrcmpA, GlobalSize, CreateFileA

ole32.dll

StgOpenStorage, CoTaskMemFree, CoCreateInstance, CoInitialize, CoInitializeSecurity, CoTaskMemAlloc, CreateStreamOnHGlobal, OleSetContainedObject, OleCreateStaticFromData, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, ReleaseStgMedium, OleDuplicateData, CLSIDFromProgID, CLSIDFromString, CoFreeUnusedLibraries, OleInitialize, CoInitializeEx, RegisterDragDrop, CoLockObjectExternal, RevokeDragDrop, OleGetClipboard, CoGetClassObject, StgOpenStorageOnILockBytes, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoRegisterMessageFilter, CoUninitialize, OleUninitialize

shell32.dll

SHGetMalloc, DragFinish, SHAppBarMessage

shlwapi.dll

PathFileExistsW, PathMatchSpecW, PathRemoveFileSpecW, PathIsRelativeW, PathRemoveExtensionW, PathFindExtensionW, PathFindFileNameW, PathRemoveBackslashW, PathAddBackslashW, PathIsURLW, PathCanonicalizeW, PathBuildRootW, PathStripToRootW, PathStripPathW, PathGetDriveNumberW, PathGetArgsW, PathIsRootW, PathCombineW, PathIsUNCW, UrlUnescapeW, PathRenameExtensionW

urlmon.dll

FindMimeFromData

user32.dll

DllMain

wininet.dll

InternetOpenUrlW, InternetErrorDlg, HttpSendRequestW, HttpAddRequestHeadersW, HttpOpenRequestW, InternetConnectW, InternetSetStatusCallbackW, InternetCrackUrlW, HttpQueryInfoW, InternetCanonicalizeUrlW, InternetCloseHandle, InternetReadFile, InternetWriteFile, InternetSetFilePointer, InternetGetLastResponseInfoW, InternetQueryDataAvailable, InternetQueryOptionW, InternetOpenW

winmm.dll

timeGetTime, timeGetDevCaps, timeBeginPeriod, timeEndPeriod

winspool.drv

ClosePrinter

zmule.exe

zMule by http://www.emule-project.net

Remove zmule.exe

Version:	2.1.9 Unicode
MD5:	085db9682976092a75e6044af98d4e6e
SHA1:	8c36205c1f8434a2b73a9b0adf6859c464d92365
SHA256:	f701aba0e6a55f1a88b3a134954dee343ff5eda2cd4afed02f95a41853f01030

Overview

zmule.exe executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). This particular version is usually found on Microsoft Windows XP (5.1.2600.196608).

Details

File name:	zmule.exe
Publisher:	http://www.emule-project.net
Product name:	zMule
Typical file path:	C:\zmule\zmule.exe
File version:	2.1.9 Unicode
Size:	5.76 MB (6,044,160 bytes)
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Behaviors

Startup files (user) run

Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'eMuleAutoStart' → C:\zMule\zmule.exe -AutoStart

Network connections

[TCP] 78-56-223-209.static.zebra.lt (78.56.223.209:4662)

[UDP] listens on port 2992

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00260297%	0.028634%
Kernel CPU:	0.00057844%	0.013761%
User CPU:	0.00202453%	0.014873%
Kernel CPU time:	815,625 ms/min	100,923,805ms/min
Context switches:	452/sec	284/sec
Memory
Private memory:	32.39 MB	21.59 MB
Private (maximum):	38.19 MB
Private (minimum):	4.16 MB
Non-paged memory:	32.39 MB	21.59 MB
Virtual memory:	129.53 MB	140.96 MB
Virtual memory (peak):	135.17 MB	169.69 MB
Working set:	14.02 MB	18.61 MB
Working set (peak):	38.74 MB	37.95 MB
Page faults:	45,677/min	2,039/min
I/O
I/O read transfer:	68.43 KB/sec	1.02 MB/min
I/O read operations:	27/sec	343/min
I/O write transfer:	20.19 KB/sec	274.99 KB/min
I/O write operations:	87/sec	227/min
I/O other transfer:	3.56 KB/sec	448.09 KB/min
I/O other operations:	360/sec	1,671/min
Resource allocations
Threads:	12	12
Handles:	328	600
GUI GDI count:	570	103
GUI USER count:	318	49

Process properties

Integrety level:	Undefined
Platform:	32-bit
Command line:	"C:\zmule\zmule.exe"
Owner:	User
Parent process:	Explorer.EXE (Windows Explorer by Microsoft)

Distribution by Windows OS

OS version	distribution
Microsoft Windows XP	100.00%

Remove Adware and Spyware Programs, FREE Download!