0c5d0ce0.exe

James Burton

The executable 0c5d0ce0.exe has been detected as malware by 33 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Basilico obsoleto (signed by James Burton)

Product:
Basilico obsoleto

Version:
4.06.0007

MD5:
5d7e2295566934e52fb8825d20bf7fdc

SHA-1:
f3cda902cc8f52ca8fcc1bafd6664cd8cd81ddb0

SHA-256:
51e69900d2ec48b401d8786824b443a0942ce8030bcdece324ad471a936fd59b

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
7/4/2025 1:39:54 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Symmi.56426 | 288
Agnitum Outpost | Trojan.DR.VB | 7.1.1
AhnLab V3 Security | Trojan/Win32.Miuref | 2015.12.22
Avira AntiVirus | TR/Dropper.VB.Gen7 | 8.3.2.4
Arcabit | Trojan.Symmi.DDC6A | 1.0.0.637
avast! | Win32:Malware-gen | 2014.9-160421
AVG | Dropper.Generic9 | 2017.0.2766
Baidu Antivirus | Trojan.Win32.Dropper | 4.0.3.16421
Bitdefender | Gen:Variant.Symmi.56426 | 1.0.20.560
Comodo Security | UnclassifiedMalware | 23820
Dr.Web | Trojan.Siggen6.23087 | 9.0.1.0112
Emsisoft Anti-Malware | Gen:Variant.Symmi.56426 | 8.16.04.21.04
ESET NOD32 | Win32/Boaxxe.BR | 10.12760
Fortinet FortiGate | W32/Boaxxe.BR!tr | 4/21/2016
F-Secure | Gen:Variant.Symmi.56426 | 11.2016-21-04_5
G Data | Gen:Variant.Symmi.56426 | 16.4.25
IKARUS anti.virus | Trojan.Win32.Injector | t3scan.1.9.5.0
K7 AntiVirus | Riskware | 13.212.18180
Kaspersky | Trojan-Dropper.Win32.VB | 14.0.0.326
Malwarebytes | Trojan.VBCrypt | v2016.04.21.04
McAfee | RDN/Generic Dropper | 5600.6422
Microsoft Security Essentials | VirTool:Win32/VBInject.AER | 1.1.12400.0
MicroWorld eScan | Gen:Variant.Symmi.56426 | 17.0.0.336
NANO AntiVirus | Trojan.Win32.VB.dzdwow | 1.0.10.5081
Panda Antivirus | Trj/CI.A | 16.04.21.04
Qihoo 360 Security | QVM03.0.Malware.Gen | 1.0.0.1077
Quick Heal | TrojanPWS.Zbot.VA3 | 4.16.14.00
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 [F] | 23.00.65.16419
Sophos | Troj/Miuref-AI | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-VB | 9190
Trend Micro House Call | TROJ_HPVB.SM6 | 7.2.112
VIPRE Antivirus | Trojan.Win32.Generic | 45948
ViRobot | Trojan.Win32.Z.Agent.145112[h] | 2014.3.20.0

File size:
141.7 KB (145,112 bytes)

Product version:
4.06.0007

Original file name:
Basilico obsoleto.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\iksoft\0c5d0ce0.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
8/31/2013 5:18:48 AM

Valid to:
9/1/2015 3:33:34 PM

Subject:
E=jim618@fastmail.co.uk, CN=James Burton, L=London, S=Greater London, C=GB, Description=PgF7B7Vgi6msWulW

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0ADE

File PE Metadata
Compilation timestamp:
9/21/2015 10:44:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:YbAR7E5SSWx8MSmHpW0WFQBH49P43RD5q80:8AO5Ux8zEi99PGB5e

Entry address:
0x135C

Entry point:
68, 50, 37, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 91, 4C, C4, 5F, AA, D3, 6C, 4A, 9D, 41, 0A, 5D, C4, A6, F1, 6E, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 70, 74, 69, 6F, 6E, 20, 4C, 75, 66, 74, 61, 62, 77, 65, 68, 72, 77, 61, 66, 66, 65, 37, 00, 22, 46, 65, 72, 72, 6F, 6D, 00, 00, 00, 00, FF, CC, 31, 00, 04, 5E, BE, A4, E3, FC, F0, 97, 40, A0, E0, 24, FF, 35, 6B, 1C, 0B, 58, 64, FB, 09, C1, 6D, 7F, 4B, 9B, 35, CA, 02, 1F, F1, EC, 20, 3A, 4F, AD...
Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
120 KB (122,880 bytes)
