{0e28e181-29b5-41c8-8742-f3fa1cdf4246}

Z4pfg8U

Esker

The file {0e28e181-29b5-41c8-8742-f3fa1cdf4246} has been detected as malware by 34 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Esker

Product:
Z4pfg8U

Description:
pm8RE81ZH

Version:
0.5.5.9

MD5:
fe7d0c5786b24efc2b7e6520a24ccf4c

SHA-1:
be0f2a8a108426c514d3c4d5819b87b921b41e52

SHA-256:
1df466615b70a7197e894b3ec333ce134593cb6932c74dcdf6491e3c5f7224a1

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
4/19/2024 7:22:40 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1837217
856

AhnLab V3 Security
Trojan/Win32.Zbot
2014.09.10

Avira AntiVirus
TR/Rogue.349465
7.11.171.112

avast!
Win32:Trojan-gen
2014.9-141002

AVG
Zbot
2015.0.3334

Baidu Antivirus
Trojan.Win32.Injector
4.0.3.14102

Bitdefender
Trojan.GenericKD.1837217
1.0.20.1375

Bkav FE
HW32.Paked
1.3.0.4959

Comodo Security
TrojWare.Win32.UMal.~A
19469

Dr.Web
Trojan.PWS.Panda.5676
9.0.1.0275

Emsisoft Anti-Malware
Trojan.Win32.Zbot
8.14.10.02.03

ESET NOD32
Win32/Spy.Zbot.AAU
8.10390

Fortinet FortiGate
W32/Injector.KMGB!tr
10/2/2014

F-Secure
Trojan.GenericKD.1837217
11.2014-02-10_5

G Data
Trojan.GenericKD.1837217
14.10.24

IKARUS anti.virus
Trojan-Dropper.Win32.Inject
t3scan.1.7.5.0

K7 AntiVirus
Spyware
13.183.13319

Kaspersky
Trojan-Dropper.Win32.Injector
14.0.0.3164

Malwarebytes
Spyware.Password
v2014.10.02.03

McAfee
RDN/Generic.bfr!hq
5600.6990

Microsoft Security Essentials
PWS:Win32/Zbot
1.10904

MicroWorld eScan
Trojan.GenericKD.1837217
15.0.0.825

NANO AntiVirus
Trojan.Win32.Injector.demlsb
0.28.2.61942

Norman
Troj_Generic.VQOBY
11.20141002

nProtect
Trojan.GenericKD.1837217
14.09.07.01

Panda Antivirus
Trj/CI.A
14.10.02.03

Qihoo 360 Security
HEUR/Malware.QVM07.Gen
1.0.0.1015

Rising Antivirus
PE:Malware.FakePDF@CV!1.9C3A
23.00.65.14930

Sophos
Troj/Zbot-IVQ
4.98

Total Defense
Win32/Zbot.NOBBfG
37.0.11171

Trend Micro House Call
TROJ_GEN.R0C2C0RI414
7.2.275

Trend Micro
TROJ_GEN.R0C2C0RI414
10.465.02

Vba32 AntiVirus
TrojanDropper.Injector
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic!SB.0
32964

File size:
341.3 KB (349,465 bytes)

Product version:
0.5.5.9

Copyright:
Copyright 1990 - 2001

Original file name:
UOv968J9d.exe

File PE Metadata
Compilation timestamp:
9/2/2014 4:08:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:h2TX+xO9QNaDyPk9gcTher8o/xPh+PWmp2k98mrjI3s:hqXsO98a+cter8kPMxp2Jc

Entry address:
0x17F5C

Entry point:
55, 8B, EC, 6A, FF, 68, 78, 98, 41, 00, 68, 50, 81, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 2C, 92, 41, 00, 59, 83, 0D, AC, 63, 4D, 00, FF, 83, 0D, B0, 63, 4D, 00, FF, FF, 15, 00, 92, 41, 00, 8B, 0D, A8, 63, 4D, 00, 89, 08, FF, 15, 24, 92, 41, 00, 8B, 0D, A4, 63, 4D, 00, 89, 08, A1, 20, 92, 41, 00, 8B, 00, A3, B4, 63, 4D, 00, E8, 28, 01, 00, 00, 39, 1D, CC, E2, 41, 00, 75, 0C, 68, F0, 80, 41, 00, FF, 15, 1C, 92...
Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
96 KB (98,304 bytes)
