0001363c.exe

The executable 0001363c.exe has been detected as malware by 35 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
2bba9aa7bc2494aa4139ab7fcd28311f

SHA-1:
b3e9ab9225474aa4110ce7c04157a980ba8828ea

SHA-256:
ea4823d87a436a66b82ccb92edb801afe9071bd081f4009441c24938dfa87d5e

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
4/25/2024 3:29:35 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Inject.AQQ | 895 |
| Agnitum Outpost | Trojan.Inject | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Ransomlock | 2014.08.14 |
| Avira AntiVirus | TR/Crypt.ZPACK.67526 | 7.11.167.34 |
| avast! | Win32:Injector-BRZ [Trj] | 2014.9-140823 |
| AVG | SHeur4 | 2015.0.3373 |
| Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.14823 |
| Bitdefender | Trojan.Inject.AQQ | 1.0.20.1175 |
| Comodo Security | UnclassifiedMalware | 19186 |
| Emsisoft Anti-Malware | Trojan.Inject.AQQ | 8.14.08.23.08 |
| ESET NOD32 | Win32/Injector.BCWT (variant) | 8.10253 |
| Fortinet FortiGate | W32/Injector.BCKP!tr | 8/23/2014 |
| F-Secure | Trojan.Inject.AQQ | 11.2014-23-08_7 |
| G Data | Trojan.Inject.AQQ | 14.8.24 |
| IKARUS anti.virus | Trojan-Spy.Zbot | t3scan.1.7.5.0 |
| K7 AntiVirus | Trojan | 13.183.13043 |
| Kaspersky | Trojan.Win32.Inject | 14.0.0.3361 |
| Malwarebytes | Spyware.Zbot.ED | v2014.08.23.08 |
| McAfee | RDN/Spybot.bfr!l | 5600.7029 |
| Microsoft Security Essentials | VirTool:Win32/Injector.gen!ET | 1.10802 |
| MicroWorld eScan | Trojan.Inject.AQQ | 15.0.0.705 |
| NANO AntiVirus | Trojan.Win32.Inject.cxbldm | 0.28.2.61519 |
| Norman | Agent.BCFRL | 11.20140823 |
| nProtect | Trojan.Inject.AQQ | 14.08.13.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.08.23.08 |
| Qihoo 360 Security | HEUR/Malware.QVM19.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Inject.r4 | 8.14.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.2.17 |
| Sophos | Mal/Zbot-QT | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Refroso | 10403 |
| Trend Micro House Call | TROJ_SPNR.11EM14 | 7.2.235 |
| Trend Micro | TROJ_SPNR.11EM14 | 10.465.23 |
| Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32204 |
| ViRobot | Trojan.Win32.U.Downloader.483840 | 2011.4.7.4223 |

File size:
308 KB (315,392 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\0001363c.exe

File PE Metadata
Compilation timestamp:
4/23/2014 10:34:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
6144:k9yTLm8cgr2hGZX0rqM2fh0qTrrnCRXwuZ4VBPt8vfc27c:ayTcHhWX000qTrj2XVZ6Zf

Entry address:
0x1D0C

Entry point:
55, 8B, EC, 6A, FF, E9, E4, 1B, 00, 00, 64, A1, 00, 00, 00, 00, 68, 46, 35, 40, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, E8, F0, 18, 00, 00, EB, 48, 83, 0D, 58, 64, 40, 00, FF, 83, 0D, 5C, 64, 40, 00, FF, E8, A5, 03, 00, 00, 90, 8B, 0D, 4C, 64, 40, 00, 89, 08, E8, 17, 08, 00, 00, 90, 8B, 0D, 48, 64, 40, 00, 89, 08, A1, 58, 42, 40, 00, 8B, 00, A3, 54, 64, 40, 00, E8, C6, 09, 00, 00, 39, 1D, E0, 60, 40, 00, 75, 0C, 68, 26, 11, 40, 00, 8B, CF...
 

Entropy:
7.8113

Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)
