{0000710f-9dc0-cc6}

The file {0000710f-9dc0-cc6} has been detected as malware by 30 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
8325e2e2086da51d097897f4c6382b69

SHA-1:
c7be32cd4f639024460ce81df0fddb7ada889dbb

SHA-256:
c249801c6e25d7c3fccfcd5c20545998096631d4f3f937932592bd641638daaf

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/24/2024 3:42:41 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.9420224 | 618
Agnitum Outpost | TrojanSpy.Bebloh | 7.1.1
Avira AntiVirus | TR/Bublik.A.1 | 3.6.1.96
avast! | Win32:Malware-gen | 2014.9-150527
AVG | Win32/Cryptor | 2016.0.3096
Baidu Antivirus | Trojan.Win32.Yakes | 4.0.3.15527
Bitdefender | Trojan.Generic.9420224 | 1.0.20.735
Comodo Security | UnclassifiedMalware | 22028
Dr.Web | Trojan.Click2.61082 | 9.0.1.0147
Emsisoft Anti-Malware | Trojan.Generic.9420224 | 8.15.05.27.11
ESET NOD32 | Win32/Spy.Bebloh | 9.11590
Fortinet FortiGate | W32/KRYPTIK.PDA!tr | 5/27/2015
F-Secure | Trojan.Generic.9420224 | 11.2015-27-05_4
G Data | Trojan.Generic.9420224 | 15.5.25
IKARUS anti.virus | Trojan.Crypt2 | t3scan.1.8.9.0
K7 AntiVirus | Riskware | 13.203.15832
Kaspersky | Trojan.Win32.Yakes | 14.0.0.1975
McAfee | Artemis!8325E2E2086D | 5600.6752
Microsoft Security Essentials | TrojanSpy:Win32/Shiotob.A | 1.1.11602.0
MicroWorld eScan | Trojan.Generic.9420224 | 16.0.0.441
NANO AntiVirus | Trojan.Win32.Click2.byonyi | 0.30.24.1357
Norman | Troj_Generic.NKGVD | 11.20150527
nProtect | Trojan.Generic.9420224 | 15.05.07.01
Panda Antivirus | Generic Malware | 15.05.27.11
Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015
Quick Heal | TrojanSpy.Shiotob.r6 | 5.15.14.00
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_SPNR.11H413 | 7.2.147
Trend Micro | TROJ_SPNR.11H413 | 10.465.27
VIPRE Antivirus | Trojan.Win32.Zbot.ata | 40024

File size:
200.1 KB (204,861 bytes)

Common path:
C:\users\{user}\appdata\local\temp\{0000710f-9dc0-cc6}

File PE Metadata
Compilation timestamp:
7/24/2013 12:49:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:SZFIcUZ7m8okISPx7k4Um3RbYV/bBijBJOtOn/0SY/lp1:yIcynZPrl3JYNbBijB0OnUp1

Entry address:
0x4108

Entry point:
55, 8B, EC, 6A, FF, 68, 90, F0, 40, 00, 68, 20, 43, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 54, A2, 44, 00, 59, 83, 0D, E0, 97, 44, 00, FF, 83, 0D, F0, 97, 44, 00, FF, FF, 15, 50, A2, 44, 00, 8B, 0D, DC, 97, 44, 00, 89, 08, FF, 15, 4C, A2, 44, 00, 8B, 0D, D8, 97, 44, 00, 89, 08, A1, 48, A2, 44, 00, 8B, 00, A3, F4, 97, 44, 00, E8, 4E, 01, 00, 00, 39, 1D, E0, FD, 41, 00, 75, 0C, 68, C4, 42, 40, 00, FF, 15...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
20 KB (20,480 bytes)

Remove {0000710f-9dc0-cc6} - Powered by Reason Core Security