{000148d0-5fef-7a47}

Visitor

Bee stronger worse - www.Visitor.com

The file {000148d0-5fef-7a47}, “Elephant tank trunk combine”, has been detected as malware by 30 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

Publisher:
Bee stronger worse - www.Visitor.com

Product:
Visitor

Description:
Elephant tank trunk combine

Version:
3.0.0.2

MD5:
d6833c68dcdf1fe8a1761cebc63f7790

SHA-1:
3163581b916b224e837ead198aae609b935e6398

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/25/2024 6:20:14 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Symmi.39799 | 647 |
| AhnLab V3 Security | Backdoor/Win32.Androm | 15.04.28 |
| Avira AntiVirus | TR/Crypt.Xpack.61201 | 7.11.150.66 |
| avast! | Win32:Zbot-SST [Trj] | 2014.9-150428 |
| AVG | PSW.Generic12 | 2016.0.3125 |
| Baidu Antivirus | Trojan.Win32.Yakes | 4.0.3.15428 |
| Bitdefender | Gen:Variant.Symmi.39799 | 1.0.20.590 |
| Comodo Security | TrojWare.Win32.Kryptik.BVNT | 18286 |
| Dr.Web | Trojan.PWS.SpySweep.1203 | 9.0.1.0118 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.39799 | 8.15.04.28.04 |
| ESET NOD32 | Win32/Injector.BAAZ (variant) | 9.9816 |
| Fortinet FortiGate | W32/Injector.AZFU!tr | 4/28/2015 |
| F-Secure | Gen:Variant.Symmi.39799 | 11.2015-28-04_3 |
| G Data | Gen:Variant.Symmi.39799 | 15.4.24 |
| IKARUS anti.virus | Virus.Win32.Injector | t3scan.1.6.1.0 |
| Kaspersky | Trojan.Win32.Yakes | 14.0.0.2122 |
| Malwarebytes | Trojan.Inject | v2015.04.28.04 |
| McAfee | RDN/Generic PWS.y!yw | 5600.6781 |
| Microsoft Security Essentials | VirTool:Win32/Injector.EP | 1.10502 |
| MicroWorld eScan | Gen:Variant.Symmi.39799 | 16.0.0.354 |
| NANO AntiVirus | Trojan.Win32.Zbot.cuaewr | 0.28.0.59911 |
| Norman | Injector.GEAF | 11.20150428 |
| Panda Antivirus | Generic Malware | 15.04.28.04 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1693EF69!378793833 | 23.00.65.15426 |
| Sophos | Mal/Inject-EQ | 4.98 |
| Trend Micro House Call | TROJ_KRYPTK.SM37 | 7.2.118 |
| Trend Micro | TROJ_GEN.R0C1C0EC114 | 10.465.28 |
| Vba32 AntiVirus | TrojanSpy.Zbot.rpty | 3.12.26.0 |
| VIPRE Antivirus | Worm.Win32.Dorkbot.b | 29340 |

File size:
180.5 KB (184,832 bytes)

Product version:
3.0

Copyright:
Copyright (C) Visitor 2007-2013

Trademarks:
Visitor

Original file name:
Tape.exe

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{000148d0-5fef-7a47}

File PE Metadata
Compilation timestamp:
2/24/2014 5:40:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:SqGblTdJ3q0EUnhxKJ2TNcT17/R5JtLCXVtSynazKu6SmUyZ5dt2Z:SDtdJ7T+ZR5JwFtfrVFdW

Entry address:
0x2120

Entry point:
E8, 84, 34, 00, 00, E9, 89, FE, FF, FF, B8, 40, 4E, 41, 00, C3, A1, 20, 8E, 41, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, 20, 8E, 41, 00, 6A, 04, 50, E8, 32, 35, 00, 00, 59, 59, A3, 18, 7E, 41, 00, 85, C0, 75, 1E, 6A, 04, 56, 89, 35, 20, 8E, 41, 00, E8, 19, 35, 00, 00, 59, 59, A3, 18, 7E, 41, 00, 85, C0, 75, 05, 6A, 1A, 58, 5E, C3, 33, D2, B9, 40, 4E, 41, 00, EB, 05, A1, 18, 7E, 41, 00, 89, 0C, 02, 83, C1, 20, 83, C2, 04, 81, F9, C0, 50, 41, 00, 7C, EA, 6A...
 

Code size:
47.5 KB (48,640 bytes)
