1.exe

CJSC Computing Forces

The executable 1.exe has been detected as malware by 30 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
TXRX 2014 Inc.  (signed by CJSC Computing Forces)

Product:
TXRX 2014 Inc.

Version:
1.03.0004

MD5:
dcd8fe283721136180e2ffc0763ff637

SHA-1:
7bb4d41185219e8a056e0463383c6b2bb4bbfd72

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
5/10/2024 8:03:47 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Zusy.164768 | -10 |
| Agnitum Outpost | Trojan.Boaxxe | 7.1.1 |
| AhnLab V3 Security | Malware/Win32.Generic | 2015.12.07 |
| Avira AntiVirus | TR/Dropper.VB.37325 | 8.3.2.4 |
| Arcabit | Trojan.Zusy.D283A0 | 1.0.0.628 |
| avast! | Win32:Malware-gen | 2014.9-170214 |
| AVG | Atros2 | 2018.0.2468 |
| Bitdefender | Gen:Variant.Zusy.164768 | 1.0.20.225 |
| Dr.Web | Trojan.Siggen6.23087 | 9.0.1.045 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.164768 | 8.17.02.14.08 |
| ESET NOD32 | Win32/Boaxxe.BR | 11.12680 |
| Fortinet FortiGate | W32/Injector.CLVS!tr | 2/14/2017 |
| F-Secure | Gen:Variant.Zusy.164768 | 11.2017-14-02_3 |
| G Data | Gen:Variant.Zusy.164768 | 17.2.25 |
| IKARUS anti.virus | Trojan.Win32.Injector | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18027 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.-1167 |
| Malwarebytes | Trojan.Agent.VB | v2017.02.14.08 |
| McAfee | GenericATG-FCDR!DCD8FE283721 | 5600.6124 |
| Microsoft Security Essentials | Trojan:Win32/Miuref.F | 1.1.12300.0 |
| MicroWorld eScan | Gen:Variant.Zusy.164768 | 18.0.0.135 |
| Panda Antivirus | Trj/Genetic.gen | 17.02.14.08 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077 |
| Quick Heal | TrojanPWS.Zbot.VA3 | 2.17.14.00 |
| Sophos | Troj/Miuref-AI | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Dropper | 8592 |
| Trend Micro | TROJ_GEN.R0C1C0DJH15 | 10.465.14 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45660 |
| ViRobot | Trojan.Win32.Agent.140816.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Boaxxe.Win32.13137 | 2.0.0.2548 |

File size:
137.5 KB (140,816 bytes)

Product version:
1.03.0004

Original file name:
TXRX 2014 Inc..exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\eption\1.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/9/2013 8:00:00 PM

Valid to:
10/19/2015 8:59:59 PM

Subject:
CN=CJSC Computing Forces, OU=IT, O=CJSC Computing Forces, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4A5647FCC7D6193E773D1EE0D01F40E4

File PE Metadata
Compilation timestamp:
10/2/2015 10:40:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x12CC

Entry point:
68, 44, 38, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 6F, 3F, 34, BF, FA, 46, 6B, 4B, 8E, 68, 8A, AE, 10, 98, AD, 91, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, D8, 0C, 2B, 00, 4A, 75, 6E, 67, 65, 00, 2A, 00, 00, 00, 00, 00, FF, CC, 31, 00, 06, EC, 99, A4, DF, EC, 0D, 64, 48, 8A, EC, 10, 12, 72, AD, EA, 8C, 00, 61, DF, 0C, C6, 90, 13, 49, A9, 7F, E3, 62, B6, 5D, 72, A1, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
120 KB (122,880 bytes)
