{1d8b2224-0163-4467-9cb6-83156893d955}

The file {1d8b2224-0163-4467-9cb6-83156893d955} has been detected as malware by 33 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Version:
3, 3, 8, 1

MD5:
2d4859d349c8813eae256d78a48a2838

SHA-1:
198e0807e1fa07e84aa07fe2b712213acc75a9c5

SHA-256:
8ae971448f119c599a791bffdbbbbaecfcbfa36a51bfa74b22b1cfdb4965b787

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/25/2024 7:54:33 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1843404 | 856 |
| Avira AntiVirus | TR/Spy.Banker.1867 | 7.11.172.150 |
| avast! | Win32:Malware-gen | 2014.9-141002 |
| AVG | Autoit_c | 2015.0.3334 |
| Baidu Antivirus | Trojan.Win32.Buzus | 4.0.3.14102 |
| Bitdefender | Trojan.GenericKD.1843404 | 1.0.20.1375 |
| Comodo Security | UnclassifiedMalware | 19529 |
| Dr.Web | Trojan.PWS.Panda.4795 | 9.0.1.0275 |
| Emsisoft Anti-Malware | Trojan.Win32.AutoInject | 8.14.10.02.03 |
| ESET NOD32 | Win32/Injector.Autoit.AWI (variant) | 8.10424 |
| Fortinet FortiGate | W32/Autoit.ANO!tr | 10/2/2014 |
| F-Prot | W32/AutoIt.CE.gen | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.1843404 | 11.2014-02-10_5 |
| G Data | Trojan.GenericKD.1843404 | 14.10.24 |
| IKARUS anti.virus | Trojan-Spy.Zbot | t3scan.1.7.8.0 |
| K7 AntiVirus | Trojan | 13.183.13379 |
| Kaspersky | Trojan.Win32.Buzus | 14.0.0.3164 |
| Malwarebytes | Trojan.Agent.AI | v2014.10.02.03 |
| McAfee | Generic-FAVA!2D4859D349C8 | 5600.6990 |
| Microsoft Security Essentials | PWS:Win32/Zbot | 1.11005 |
| MicroWorld eScan | Trojan.GenericKD.1843404 | 15.0.0.825 |
| Norman | Suspicious_Gen4.GYRVK | 11.20141002 |
| nProtect | Trojan.GenericKD.1843404 | 14.09.16.01 |
| Panda Antivirus | Trj/CI.A | 14.10.02.03 |
| Qihoo 360 Security | HEUR/Malware.QVM11.Gen | 1.0.0.1015 |
| Quick Heal | TrojanPWS.AutoIt.Zbot.S | 10.14.14.00 |
| Sophos | Troj/AutoIt-ANO | 4.98 |
| Total Defense | Win32/Zbot.NKefN | 37.0.11183 |
| Trend Micro House Call | TROJ_GEN.R047C0DI914 | 7.2.275 |
| Trend Micro | TROJ_GEN.R047C0DI914 | 10.465.02 |
| Vba32 AntiVirus | Trojan.Buzus | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 33164 |
| Zillya! Antivirus | Trojan.Buzus.Win32.122066 | 2.0.0.1924 |

File size:
734.5 KB (752,112 bytes)

File PE Metadata
Compilation timestamp:
1/30/2012 3:32:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:n6Wq4aaE6KwyF5L0Y2D1PqLRJpz+id2pq/7Gi5z2+13Z4/6Y:FthEVaPqLJz+Q7d2+E/3

Entry address:
0xB8E70

Entry point:
60, BE, 00, 70, 47, 00, 8D, BE, 00, A0, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)
