84ab.exe

The executable 84ab.exe has been detected as malware by 26 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
2d51debcf33e441b95f99b77a87c0c8f

SHA-1:
cef04efc9fc92529ea1da41fe7d67c647e8bc17d

SHA-256:
90d5be0d75a929e16495b1cd41c3d31eed5dfecd807c914016984a751463e890

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/20/2024 12:02:56 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Zbot | 2013.04.08 |
| Avira AntiVirus | TR/Buzus.ID.592 | 7.11.70.250 |
| avast! | Win32:Malware-gen | 2014.9-170316 |
| AVG | SpamTool | 2018.0.2437 |
| Bitdefender | Trojan.Encpk.Gen.1 | 1.0.20.375 |
| Comodo Security | TrojWare.Win32.Injector.AEJV | 15848 |
| Dr.Web | Trojan.Winlock.6426 | 9.0.1.075 |
| Emsisoft Anti-Malware | Trojan.Encpk.Gen | 8.17.03.16.12 |
| ESET NOD32 | Win32/Injector.ADWG (variant) | 11.8202 |
| Fortinet FortiGate | W32/Tepfer.AAX!tr.pws | 3/16/2017 |
| F-Secure | Trojan.Encpk.Gen.1 | 11.2017-16-03_5 |
| G Data | Trojan.Encpk.Gen | 17.3.22 |
| IKARUS anti.virus | Virus.Win32.CeeInject | t3scan.2.0.0.0 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.-1318 |
| Malwarebytes | Trojan.EOFail | v2017.03.16.12 |
| McAfee | PWS-Zbot-FAQD!2D51DEBCF33E | 5600.6093 |
| Microsoft Security Essentials | VirTool:Win32/CeeInject.gen!ID | 1.163.1557.0 |
| nProtect | Trojan.Encpk.Gen.1 | 13.04.07.01 |
| Panda Antivirus | Trj/Genetic.gen | 17.03.16.12 |
| Rising Antivirus | Suspicious | 23.00.65.17314 |
| Sophos | Mal/EncPk-AFN | 4.87 |
| Total Defense | Win32/Inject.C!generic | 37.0.10367 |
| Trend Micro House Call | TROJ_GEN.R47B1D5 | 7.2.75 |
| Trend Micro | TROJ_GEN.RCBOCD3 | 10.465.16 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.Zbot.2213 | 3.12.20.2 |

File size:
47.9 KB (49,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\84ab.exe

File PE Metadata
Compilation timestamp:
3/10/2013 9:04:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
1.1

Entry address:
0x1000

Entry point:
68, C8, 07, 00, 00, 68, 00, 00, 00, 00, 68, E0, 85, 40, 00, E8, FC, 2F, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, F5, 2F, 00, 00, A3, E4, 85, 40, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, E2, 2F, 00, 00, A3, E0, 85, 40, 00, E8, 6C, 45, 00, 00, E8, 21, 44, 00, 00, E8, F2, 3E, 00, 00, E8, 6D, 35, 00, 00, E8, E5, 33, 00, 00, E8, 03, 30, 00, 00, 68, 88, 8D, 40, 00, 68, 00, 00, 00, 00, 68, 0A, 00, 00, 00, 68, 1A, 00, 00, 00, 68, FF, 00, 00, 00, E8, F0, 42, 00, 00, 68, 90, 8D, 40, 00...
 

Entropy:
7.4462

Packer / compiler:
PKLITE32, 0x1.1

Code size:
17.5 KB (17,920 bytes)
