450f7a4e8f6bb03fc4f7f24eef164630

HP Esprit Runtime

The file 450f7a4e8f6bb03fc4f7f24eef164630 by HP Esprit Runtime has been detected as a potentially unwanted program by 32 anti-malware scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

Publisher:
HP Esprit Runtime  (signed and verified)

Version:
3, 3, 8, 1

MD5:
450f7a4e8f6bb03fc4f7f24eef164630

SHA-1:
879bf7ef67b04722114dfe477a1e9ca07ec0a7b6

SHA-256:
0a9d1fe4897aa92b9786dc5718566aa832913580b40f15680ff1b76aa3dd776c

Scanner detections:
32 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 2:18:17 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Zbot.ISH | 339 |
| Agnitum Outpost | Trojan.Autlo.Gen.ADQ | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.AutoIt | 2015.12.18 |
| Avira AntiVirus | PUA/MyWebSearch.U.32 | 8.3.2.4 |
| Arcabit | Trojan.Zbot.ISH | 1.0.0.629 |
| avast! | Win32:Malware-gen | 2014.9-160302 |
| AVG | Dropper.Generic_c | 2017.0.2817 |
| Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.1632 |
| Bitdefender | Trojan.Zbot.ISH | 1.0.20.310 |
| Comodo Security | Worm.Win32.P2P-Worm.Palevo.fghk | 23785 |
| Dr.Web | Trojan.MulDrop6.13396 | 9.0.1.062 |
| Emsisoft Anti-Malware | Trojan.Zbot.ISH | 8.16.03.02.06 |
| ESET NOD32 | Win32/Injector.Autoit.BXX | 10.12738 |
| Fortinet FortiGate | W32/Autoit.BXX!tr | 3/2/2016 |
| F-Secure | Trojan.Zbot.ISH | 11.2016-02-03_4 |
| G Data | Trojan.Zbot.ISH | 16.3.25 |
| IKARUS anti.virus | Trojan.Win32.Injector | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18131 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.579 |
| McAfee | Artemis!450F7A4E8F6B | 5600.6473 |
| Microsoft Security Essentials | VirTool:Win32/AutInject.CG | 1.1.12400.0 |
| MicroWorld eScan | Trojan.Zbot.ISH | 17.0.0.186 |
| NANO AntiVirus | Trojan.Win32.akh.dwtfnt | 1.0.10.5081 |
| nProtect | Trojan.Zbot.ISH | 15.12.17.01 |
| Panda Antivirus | Trj/CI.A | 16.03.02.06 |
| Quick Heal | TrojanPWS.AutoIt.Zbot.S | 3.16.14.00 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16229 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R08OC0FKG15 | 10.465.02 |
| Vba32 AntiVirus | Trojan.Autoit.F | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45902 |
| Zillya! Antivirus | Backdoor.Androm.Win32.29535 | 2.0.0.2569 |

File size:
1.2 MB (1,268,456 bytes)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\2015.11.22_tommy_176\450f7a4e8f6bb03fc4f7f24eef164630

Digital Signature
Authority:
HP Esprit Root CA

Valid from:
1/9/2004 4:13:09 AM

Valid to:
1/1/2040 6:59:59 AM

Subject:
CN=HP Esprit Runtime

Issuer:
CN=HP Esprit Root CA

Serial number:
D5EC1283B33C32B94F5EA642FE46288F

File PE Metadata
Compilation timestamp:
1/30/2012 4:32:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:bRmJkcoQricOIQxiZY1iau9GuX+L5BGy5yeDRebwWusSwQ4+RTNl8:4JZoQrbTFZY1iau9hX+L15/DMbwscTNK

Entry address:
0x165C1

Entry point:
E8, 16, 90, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, 97, 4A, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DD, 03, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 67, 41, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8...
 

Code size:
514 KB (526,336 bytes)
