home

قط على سطح المكتب (زيزوم نت ).exe

The executable قط على سطح المكتب (زيزوم نت ).exe has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.wynnea.com and multiple other hosts.
MD5:
0e4baee67e1dce71c1a334e22e50380e

SHA-1:
6eb1cb1d94a00daf1fb91218b050fdcba8436c03

SHA-256:
7ff0ecf2953b8662ede1577e330a514f09992c18aa3c14ed77cf2ffc115b0866

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/26/2024 11:46:54 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Orsam
7.1.1

AhnLab V3 Security
Win-AppCare/Xema.307200
2014.02.12

Baidu Antivirus
Trojan.Win32.ScreenMate
4.0.3.14220

Bkav FE
W32.MalwareOnlineGH.Trojan
1.3.0.4924

Comodo Security
ApplicUnsaf.Win32.Joke.ScreenMate
17771

ESET NOD32
Win32/Joke.ScreenMate
8.9411

Fortinet FortiGate
Riskware/ScreenMate
2/20/2014

File size:
300 KB (307,200 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\screenmates\قط على سطح المكتب (زيزوم نت ).exe

File PE Metadata
Compilation timestamp:
8/20/1999 4:45:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:QbB8IHeMQjhIWPrjAlZbXJsPAzCi7/isD:QthHeMQjZPrgZbWCCi7V

Entry address:
0x10B57

Entry point:
55, 8B, EC, 6A, FF, 68, 30, 78, 41, 00, 68, E8, 40, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 90, 71, 41, 00, 33, D2, 8A, D4, 89, 15, A4, F6, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, A0, F6, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 9C, F6, 41, 00, C1, E8, 10, A3, 98, F6, 41, 00, 33, F6, 56, E8, F1, 12, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 14, 28, 00, 00, FF, 15, 88, 71, 41, 00, A3, A0, 0C, 42, 00, E8...
 
[+]

Code size:
88 KB (90,112 bytes)

The file قط على سطح المكتب (زيزوم نت ).exe has been seen being distributed by the following 12 URLs.

http://www.wynnea.com/.../felix.exe

http://www.elektroda.pl/.../download.php?id=405599

http://s8299.chomikuj.pl/File.aspx?e=rLaleLhpFeb_JgrMbTYhD3WElZgbhvg7vk9WXD3EqOw16BNWt9zjKRnsyx64s83vBcKoT0tjQlZFJiYha8Jt_ePiBSxlh0dfUTr--oeRFCVaHTTC2kVfBd_BsfwTI0cSx5Drjtl0-Na8GrkruOpSwuVy-qv6g2nzB4AOGi7Kb-w&pv=2

http://s10851.chomikuj.pl/File.aspx?e=4lgqY43bU_QhJUMJ_JTCsLLnfXYcaoVA2MKGAptjsDMT7SNTj4LVNjHHdGu0bzpkkBIbIaVqyhuC6MEj398r91OR8A7wqYTZN5jMT0ckKEFrvjTbYU1BeLPNDXpd5wt2cA_J2PEWok3pXJvs6-qfUW3xXS1-RSdE5uk4r4XywtiA5WhgDjbW2VMRPyR8IISR&pv=2

http://www.workingwitches.com/.../KATZE.EXE

http://www.dziecionline.pl/download/.../felix.exe

http://s10851.chomikuj.pl/File.aspx?e=dJUyvdf7lIQ9tpNMlgtMtQ3UEgeszcy6v71zeECfgb56G5KXYkuwIBNmabDj8Pk14dMgC8lhyi8BP5gHEx3sb-DRGmObO5FLtBUmJMaENWqAaIyei8RQoS9BlQSrDUDTJ042Jp_jLPnUreQdwTIrGw&pv=2

http://s38.chomikuj.pl/File.aspx?e=dJUyvdf7lIQ9tpNMlgtMtbPBwbjHLbKW0R1fQHEHxanoRdmkgOIBWQeSBfKZDn6-ccqltsY8FsuNOlsJQeQtj1TU-E7Ca6XUsy392cZsjTrOhveYDkwffwKURY_NUbQi&pv=2

http://poczta.o2.pl/?cmd=getpart&link=2AYkwcktA3JT8sGQSAtPzbaPzM6c2OtLTPwbDOZhWaZjSMeP3OxPTPwMzNZMDMJ8zcaPDM2ODMkhmYjPTPZODMweDMJ8jNZjTMJ8DbadiNs8CMskwAikEAQpETBRiMfpEWVk

https://mg.mail.yahoo.com/ya/.../NgAAN5cSJ1kVQro1z0GjrU&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&ymreqid=08cffef7-519a-99e8-01a8-fa0511010000

http://bf1-attach.ymail.com/us.f1631.mail.yahoo.com/.../securedownload?mid=2_0_0_1_257459_AGzuHkgAABRiUknvoQAAAHKFpRc&fid=Inbox&pid=3&clean=0&appid=YahooMailNeo&cred=PYw7xRkloCtmphXC6ktUgo6WFBiddWvQ8HSgbPd9Pg2uUxf14TSmnHEnEw--&ts=1380587283&partner=ymail&sig=M0RNaqgLG_TcvAZE7Xqjng--

http://us-mg6.mail.yahoo.com/.../download?mid=2_0_0_1_257459_AGzuHkgAABRiUknvoQAAAHKFpRc&fid=Inbox&pid=3&clean=0&appid=YahooMailNeo

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.