{74e84192-c354-f2ab-acf9-59df74e84192}.exe

The executable {74e84192-c354-f2ab-acf9-59df74e84192}.exe has been detected as malware by 21 anti-virus scanners. This is a setup program which is used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from catalog.chaosium.com and multiple other hosts.
MD5:
8bbabf5c43242406bd82318aaabc5546

SHA-1:
ee70e0e10b37666d4b05ce542ac9fdc51e62ced6

SHA-256:
bba7c9373174d5f94937feedcc370d926d27cea4bdd2335174e7d14f300edc64

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
4/26/2024 10:57:30 AM UTC

Scan engine                      Detection                            Engine version
Lavasoft Ad-Aware                Trojan.GenericKD.1641144             1022
AhnLab V3 Security               Trojan/Win32.Ransomlock              14.04.19
Avira AntiVirus                  TR/TorSolar.A.45                     7.11.143.120
avast!                           Win32:Rootkit-gen [Rtk]              2014.9-140419
AVG                              SHeur4                               2015.0.3500
Baidu Antivirus                  Trojan.Win32.Injector                4.0.3.14419
Bitdefender                      Trojan.GenericKD.1641144             1.0.20.545
Bkav FE                          HW32.CDB                             1.3.0.4959
Dr.Web                           Trojan.DownLoad3.25251               9.0.1.0109
Emsisoft Anti-Malware            Trojan.GenericKD.1641144             8.14.04.19.08
ESET NOD32                       Win32/Injector.BBVG (variant)        8.9677
G Data                           Trojan.GenericKD.1641144             14.4.24
Kaspersky                        Trojan.Win32.Inject                  14.0.0.3993
Malwarebytes                     Spyware.Zbot.ED                      v2014.04.19.08
McAfee                           Artemis!8BBABF5C4324                 5600.7156
Microsoft Security Essentials    VirTool:Win32/CeeInject.gen!KK       1.10401
MicroWorld eScan                 Trojan.GenericKD.1641144             15.0.0.327
nProtect                         Trojan.GenericKD.1641144             14.04.14.02
Sophos                           Mal/Zbot-QT                          4.98
Trend Micro House Call           TROJ_GEN.F47V0413                    7.2.109
VIPRE Antivirus                  Trojan.Win32.Generic                 28244

File size:
172 KB (176,128 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\{74e84192-c354-f2ab-acf9-59df74e84192}.exe

File PE Metadata
Compilation timestamp:
4/6/2014 5:34:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:dL9DFF9QN0QkbdMe8k0Hjx53pgIMtVwfwZOc6vgRpeDkPJm:h9foMdMdjrZg3XZO0Ikxm

Entry address:
0x31BE

Entry point:
55, 8B, EC, 6A, FF, 68, C8, 49, 40, 00, 68, 46, 35, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 4C, 42, 40, 00, 59, 83, 0D, 58, 64, 40, 00, FF, 83, 0D, 5C, 64, 40, 00, FF, FF, 15, 50, 42, 40, 00, 8B, 0D, 4C, 64, 40, 00, 89, 08, FF, 15, 54, 42, 40, 00, 8B, 0D, 48, 64, 40, 00, 89, 08, A1, 58, 42, 40, 00, 8B, 00, A3, 54, 64, 40, 00, E8, 15, 03, 00, 00, 39, 1D, E0, 60, 40, 00, 75, 0C, 68, 26, 11, 40, 00, FF, 15...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
12 KB (12,288 bytes)

User Start Menu Item
Name:
{74e84192-c354-f2ab-acf9-59df74e84192}.exe


The file {74e84192-c354-f2ab-acf9-59df74e84192}.exe has been seen being distributed by the following 2 URLs.

http://catalog.chaosium.com/?8nolptu1xax=0333ce34

Remove {74e84192-c354-f2ab-acf9-59df74e84192}.exe - Powered by Reason Core Security