70d44849969dc890828dcc2997f2aff6

RSxJfd

The file 70d44849969dc890828dcc2997f2aff6 has been detected as malware by 28 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Product:
RSxJfd

Version:
7.3.2.7617

MD5:
70d44849969dc890828dcc2997f2aff6

SHA-1:
0a44100d7d267ff50dbbfc1cf5b6fd4f831eb359

SHA-256:
9795ef6cec852104eb94bae3e42a6c1261569bf9a30eedd1d8fbd0149e9b2a69

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/25/2024 4:11:02 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.115245 | 804
AhnLab V3 Security | Malware/Win32.Generic | 2014.11.22
Avira AntiVirus | TR/Dropper.MSIL.97145 | 7.11.188.16
avast! | Win32:Trojan-gen | 2014.9-141123
AVG | MSIL5 | 2015.0.3282
Baidu Antivirus | Trojan.Win32.Zbot | 4.0.3.141123
Bitdefender | Gen:Variant.Zusy.115245 | 1.0.20.1635
Comodo Security | UnclassifiedMalware | 20151
Dr.Web | Trojan.PWS.Panda.4795 | 9.0.1.0327
Emsisoft Anti-Malware | Gen:Variant.Zusy.115245 | 8.14.11.23.09
ESET NOD32 | MSIL/Injector.GGG (variant) | 8.10760
Fortinet FortiGate | MSIL/GGG!tr | 11/23/2014
F-Secure | Gen:Variant.Zusy.115245 | 11.2014-23-11_1
G Data | Gen:Variant.Zusy.115245 | 14.11.24
IKARUS anti.virus | Trojan-Spy.Zbot | t3scan.1.8.3.0
K7 AntiVirus | Trojan | 13.185.14098
Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.2903
Malwarebytes | Trojan.MSIL.Injector | v2014.11.23.09
McAfee | RDN/Spybot.bfr!o | 5600.6938
MicroWorld eScan | Gen:Variant.Zusy.115245 | 15.0.0.981
NANO AntiVirus | Trojan.Win32.Zbot.djaewk | 0.28.6.63474
Panda Antivirus | Trj/CI.A | 14.11.23.09
Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015
Quick Heal | TrojanPWS.Zbot.r3 | 11.14.14.00
Sophos | Troj/MSIL-AXE | 4.98
Trend Micro House Call | TROJ_FORUCON.BME | 7.2.327
Trend Micro | TROJ_FORUCON.BME | 10.465.23
VIPRE Antivirus | Trojan.Win32.Generic | 34988

File size:
186.5 KB (190,976 bytes)

Product version:
7.3.2.7617

Copyright:
©2014 RLyE4j All Rights Reserved.

Original file name:
Purchase Order.scr.exe

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\91\70d44849969dc890828dcc2997f2aff6

File PE Metadata
Compilation timestamp:
11/18/2014 4:39:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:Q+9mIP51PJdeKqjhK7VbrKN2Mo0ivimC4nm07ebJ4aeP6aoVm35q:Q+YaP/eU7VbONwvm457HaePFC

Entry address:
0x2D75E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.6302

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
174 KB (178,176 bytes)

Remove 70d44849969dc890828dcc2997f2aff6 - Powered by Reason Core Security