3346938.tmp

The file 3346938.tmp has been detected as a potentially unwanted program by 37 anti-malware scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
27bd9bddaf01102622985a4c6cd37e84

SHA-1:
4088292da87f06c59322d3e55c648aa64bcf6d7b

SHA-256:
a26dfd9625bfc2d1893d561fdf7f16b0f430693d0e10e66153633830b0e0d8d2

Scanner detections:
37 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 4:31:36 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Inject.IA | 865 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Downloader | 2014.09.09 |
| Avira AntiVirus | TR/Proxy.Horst.Gen | 7.11.171.66 |
| avast! | Win32:DNSChanger-ZZ [Trj] | 2014.9-140922 |
| AVG | Win32/DH{IIEOJYETeW4TFw} | 2015.0.3343 |
| Baidu Antivirus | Trojan.Win32.Wigon | 4.0.3.14922 |
| Bitdefender | Trojan.Inject.IA | 1.0.20.1325 |
| Bkav FE | W32.FestielastLTL.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 19456 |
| Emsisoft Anti-Malware | Trojan.Inject.IA | 8.14.09.22.12 |
| ESET NOD32 | Win32/Wigon.PH (variant) | 8.10384 |
| Fortinet FortiGate | W32/IRIEN.DDF!tr.dldr | 9/22/2014 |
| F-Prot | New | v6.4.7.1.166 |
| F-Secure | Trojan.Inject.IA | 11.2014-22-09_2 |
| G Data | Trojan.Inject.IA | 14.9.24 |
| IKARUS anti.virus | Gen.Trojan | t3scan.1.7.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13305 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.3212 |
| Malwarebytes | Trojan.Zbot | v2014.09.22.12 |
| McAfee | Downloader-FACW!27BD9BDDAF01 | 5600.6999 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Cutwail.CB | 1.10904 |
| MicroWorld eScan | Trojan.Inject.IA | 15.0.0.795 |
| NANO AntiVirus | Trojan.Win32.Zbot.czpvbf | 0.28.2.61942 |
| Norman | Inject.CDFW | 11.20140922 |
| nProtect | Trojan.Inject.IA | 14.09.07.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.22.12 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Quick Heal | TrojanSpy.Zbot.r4 | 9.14.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.16CB4831!382421041 | 23.00.65.14920 |
| Sophos | Mal/Emogen-Y | 4.98 |
| Total Defense | Win32/Cutwail.PKYUXHB | 37.0.11169 |
| Trend Micro House Call | TROJ_GEN.F0C2H00FA14 | 7.2.265 |
| Trend Micro | Mal_DLDER | 10.465.22 |
| Vba32 AntiVirus | SScope.Trojan.Zbot.gen | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32928 |
| Zillya! Antivirus | Trojan.Zbot.Win32.157203 | 2.0.0.1915 |

File size:
229.5 KB (235,008 bytes)

Common path:
C:\users\{user}\appdata\local\temp\3346938.tmp

File PE Metadata
Compilation timestamp:
5/26/2006 12:43:33 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:HwtQHef7xuqGMYARItjnhEzgg8MbeyTuiy0o8Lk2dC1sq1t+Q05Vl823c37R/ksw:Hq4MBIx6kMb/31+t+Q09n3c37Ly

Entry address:
0x2020

Entry point:
55, 8B, EC, 81, EC, 90, 0E, 00, 00, E8, 32, 0C, 00, 00, 89, 85, 6C, FE, FF, FF, 8B, 85, 6C, FE, FF, FF, 50, E8, E0, 0C, 00, 00, 83, C4, 04, 68, 50, 1A, 30, 04, FF, 15, 7C, 50, 30, 04, 8D, 8D, 70, FE, FF, FF, 51, 68, 02, 02, 00, 00, E8, A7, EF, FF, FF, 85, C0, 74, 05, E9, 84, 04, 00, 00, 6A, 00, FF, 15, 4C, 51, 30, 04, E8, EB, F2, FF, FF, A2, EE, B2, 33, 04, 6A, 00, 6A, 01, 6A, 01, 6A, 00, FF, 15, 68, 50, 30, 04, A3, F4, B2, 33, 04, 68, 08, 02, 00, 00, 6A, 00, 68, B8, AB, 33, 04, E8, 62, F8, FF, FF, 83, C4...

Entropy:
7.5424

Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)
