» {478a3a0e-4f02-e306-ccf6-28067c05b92b}-uxvywiy.exe
Overview
Analysis
File Details

{478a3a0e-4f02-e306-ccf6-28067c05b92b}-uxvywiy.exe

The executable {478a3a0e-4f02-e306-ccf6-28067c05b92b}-uxvywiy.exe has been detected as malware by 18 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

MD5:

4ad8e65bc55da9433e31e70cb0f552db

SHA-1:

bb084e8eb92de2c53d68e290d2af9abd69758aa2

SHA-256:

57349aa69eb3f2242dba0811dc742b92bba3e7c22c8745d30eaf059e08f94721

Scanner detections:

18 / 68

Status:

Malware

Analysis date:

4/19/2024 12:13:58 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Agent.BFHR

865

Avira AntiVirus

TR/Crypt.XPACK.Gen

7.11.30.172

AVG

Trojan horse SHeur4.CBYF

2014.0.4015

Bitdefender

Trojan.Agent.BFHR

1.0.20.1325

Dr.Web

Trojan.Siggen6.15132

9.0.1.05190

Emsisoft Anti-Malware

Trojan.Agent.BFHR

8.14.09.22.02

F-Prot

W32/A-d603cd38

v6.4.7.1.166

F-Secure

Trojan.Agent.BFHR

11.2014-22-09_2

G Data

Trojan.Agent.BFHR

14.9.24

IKARUS anti.virus

Trojan-Ransom.Win32.Blocker

t3scan.1.7.8.0

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.3212

McAfee

PWSZbot-FADO!58B4CBED6052

5600.6999

MicroWorld eScan

Trojan.Agent.BFHR

15.0.0.795

NANO AntiVirus

Trojan.Win32.XPACK.deytts

0.28.2.62286

nProtect

Trojan.Agent.BFHR

14.09.22.01

Sophos

Troj/Agent-AHQI

4.98

Total Defense

Win32/Zbot.ZTMEATD

37.0.11194

Vba32 AntiVirus

BScope.P2P-Worm.Palevo

3.12.26.3

File size:

284.7 KB (291,578 bytes)

File type:

Executable application (Win64 EXE)

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

6144:9BoD2aQQ4daN46jOMS+H07LETlVUX1uwWF/GXQ+rrqXfa7Ba:9BoD2q4+463SnuVUX1uwWF/GXQCruyVa

Entry point:

B2, A5, 6F, FF, FC, FF, FF, FF, FB, FF, FF, FF, 00, 00, FF, FF, 47, FF, FF, FF, FF, FF, FF, FF, BF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, 27, FF, FF, FF, F1, E0, 45, F1, FF, 4B, F6, 32, DE, 47, FE, B3, 32, DE, AB, 97, 96, 8C, DF, 8F, 8D, 90, 98, 8D, 9E, 92, DF, 9C, 9E, 91, 91, 90, 8B, DF, 9D, 9A, DF, 8D, 8A, 91, DF, 96, 91, DF, BB, B0, AC, DF, 92, 90, 9B, 9A, D1, F2, F2, F5, DB, FF, FF, FF, FF, FF, FF, FF... 
[+]

Entropy:

7.8708 (probably packed)

Remove {478a3a0e-4f02-e306-ccf6-28067c05b92b}-uxvywiy.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.