2v9usanxt1pzca.exe

CZ Solution Co., Ltd.

The executable 2v9usanxt1pzca.exe has been detected as malware by 26 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
CZ Solution Co., Ltd.   (signed and verified)

Version:
2, 0, 8, 1

MD5:
9fbf38ba7ba51d9d7245128effe3e8c8

SHA-1:
dbfcc3146896a3ed4e94fb93916cbd06dd2c1598

SHA-256:
5794bc9d159488487f45ced0af9454cf565d2afa112a31dbaafea7e5b8e81bb3

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/24/2024 10:00:09 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Heur.Jatif.8 | 14 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Buzus | 2015.01.23 |
| Avira AntiVirus | TR/Kazy.348690 | 7.11.204.50 |
| AVG | Generic36 | 2018.0.2492 |
| Baidu Antivirus | Trojan.VBS.Downloader | 4.0.3.17121 |
| Bitdefender | Gen:Heur.Jatif.8 | 1.0.20.105 |
| Comodo Security | TrojWare.Win32.MalPack.PKB | 20803 |
| Dr.Web | Trojan.DownLoader6.34128 | 9.0.1.021 |
| Emsisoft Anti-Malware | Gen:Heur.Jatif | 8.17.01.21.04 |
| ESET NOD32 | Win32/Injector.AWOM (variant) | 11.11055 |
| Fortinet FortiGate | W32/Zbot.AWOM!tr | 1/21/2017 |
| F-Secure | Gen:Heur.Jatif.8 | 11.2017-21-01_7 |
| G Data | Gen:Heur.Jatif | 17.1.24 |
| IKARUS anti.virus | Trojan-Spy.Win32.Zbot | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.191.14720 |
| Kaspersky | Trojan-Downloader.VBS.Agent | 14.0.0.-1046 |
| McAfee | Artemis!9FBF38BA7BA5 | 5600.6148 |
| MicroWorld eScan | Gen:Heur.Jatif.8 | 18.0.0.63 |
| NANO AntiVirus | Trojan.Win32.Zbot.csuemz | 0.30.0.64812 |
| Norman | Troj_Generic.TNTUL | 11.20170121 |
| Panda Antivirus | Trj/CI.A | 17.01.21.04 |
| Rising Antivirus | PE:Packer.Win32.AntiSig.b!1075128015 | 23.00.65.17119 |
| Sophos | Mal/Generic-S | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36876 |
| Zillya! Antivirus | Trojan.Zbot.Win32.153212 | 2.0.0.2042 |

File size:
427.8 KB (438,104 bytes)

Product version:
2, 0, 8, 1

File type:
Executable application (Win32 EXE)

Language:
Italian (Italy)

Common path:
C:\users\{user}\appdata\roaming\2v9usanxt1pzca.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/3/2012 1:00:00 AM

Valid to:
2/2/2015 12:59:59 AM

Subject:
CN="CZ Solution Co., Ltd. ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="CZ Solution Co., Ltd. ", L=Xiamen, S=Fujian, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6E7B6395AC5B5C8A2AECC4528D9E6510

File PE Metadata
Compilation timestamp:
12/19/2011 3:38:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1A31F

Entry point:
90, 90, 90, 90, 90, E9, 91, 01, 00, 00, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, 15, 28, B0, 41, 00, 59, 83, 0D, 74, E6, 41, 00, FF, 83, 0D, 78, E6, 41, 00, FF, FF, 15, 34, B0, 41, 00, 8B, 0D, 70, E6, 41, 00, 89, 08, FF, 15, 38, B0, 41, 00, 8B, 0D, 6C, E6, 41, 00, 89, 08, A1, 3C, B0, 41, 00, 8B, 00, A3, 7C, E6, 41, 00, E8, 11, 01, 00, 00, 39, 1D, 40, E6, 41, 00, 75, 0C, 68, 9C, A4, 41, 00, FF, 15, 5C, B0...

Code size:
104 KB (106,496 bytes)
