75a3.tmp

The file 75a3.tmp has been detected as malware by 26 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
bb5549df45e88ff540064b1d2af47e70

SHA-1:
13ca8eb8819377e389763cfb8d01461f524e40e2

SHA-256:
dfb672b504cccbd401c48bc85e85b029abd424e80e079e3812c2fdaf668e31e5

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/25/2024 1:20:18 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Mikey.15979 | 577
AhnLab V3 Security | Trojan/Win32.MDA | 2015.06.18
Avira AntiVirus | TR/Bunitu.A.351 | 8.3.1.6
Arcabit | Trojan.Mikey.D3E6B | 1.0.0.425
avast! | Win32:Malware-gen | 2014.9-150707
AVG | Inject2 | 2016.0.3055
Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.1577
Bitdefender | Gen:Variant.Mikey.15979 | 1.0.20.940
Bkav FE | HW32.Packed | 1.3.0.6379
Dr.Web | Trojan.Encoder.514 | 9.0.1.0188
Emsisoft Anti-Malware | Gen:Variant.Mikey.15979 | 8.15.07.07.03
ESET NOD32 | Win32/Injector.CCTS (variant) | 9.11804
F-Secure | Gen:Variant.Mikey.15979 | 11.2015-07-07_3
G Data | Gen:Variant.Mikey.15979 | 15.7.25
K7 AntiVirus | Spyware | 13.205.16279
Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.1772
Malwarebytes | Trojan.Agent.EDPE | v2015.07.07.03
McAfee | Artemis!BB5549DF45E8 | 5600.6711
MicroWorld eScan | Gen:Variant.Mikey.15979 | 16.0.0.564
NANO AntiVirus | Trojan.Win32.Cryptodef.dsswmh | 0.30.24.2086
Panda Antivirus | Trj/Chgt.O | 15.07.07.03
Reason Heuristics | Threat.Win.Reputation.IMP | 15.7.7.15
Rising Antivirus | PE:Trojan.Win32.Generic.18C28CCB!415403211 | 23.00.65.15705
Sophos | Mal/Zbot-TV | 4.98
Trend Micro House Call | TROJ_GEN.R00JB01FG15 | 7.2.188
VIPRE Antivirus | Trojan.Win32.Generic | 41232

File size:
232 KB (237,568 bytes)

Common path:
C:\users\{user}\appdata\local\temp\75a3.tmp

File PE Metadata
Compilation timestamp:
6/13/2015 11:02:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:I36td1cysC/h5/kPDO6Qji4jU9W/PsRb5pvc:TESn8cjiMpPsd55c

Entry address:
0x297A

Entry point:
55, 8B, EC, 6A, FF, 68, D8, 4F, 40, 00, 68, B2, 2B, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 44, 43, 40, 00, 59, 83, 0D, 6C, 6D, 40, 00, FF, 83, 0D, 70, 6D, 40, 00, FF, FF, 15, 40, 43, 40, 00, 8B, 0D, 60, 6D, 40, 00, 89, 08, FF, 15, 3C, 43, 40, 00, 8B, 0D, 5C, 6D, 40, 00, 89, 08, A1, 38, 43, 40, 00, 8B, 00, A3, 68, 6D, 40, 00, E8, D8, FA, FF, FF, 39, 1D, 68, 6C, 40, 00, 75, 0C, 68, AE, 2B, 40, 00, FF, 15, 74, 43...

Entropy:
7.6515

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
12 KB (12,288 bytes)
