91c3ec45e62a1060beb3c43dde729280

computerunterstützte

FileZilla Project

The file 91c3ec45e62a1060beb3c43dde729280 has been detected as malware by 26 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
FileZilla Project

Product:
computerunterstützte

Version:
0.00.0001

MD5:
91c3ec45e62a1060beb3c43dde729280

SHA-1:
37598be462f5794b2c1fc229cb27b75d31b47bbe

SHA-256:
119be91c97ab7f95feae3de2aa339455857f0854735ca5fa7f672ec348cdb364

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/24/2024 2:47:26 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Symmi.48294 | 804
AhnLab V3 Security | Win-Trojan/MDA.140610 | 2014.11.20
Avira AntiVirus | TR/Dropper.VB.23855 | 7.11.187.188
avast! | Win32:Zbot-UPW [Trj] | 2014.9-141123
AVG | Zbot | 2015.0.3282
Baidu Antivirus | Trojan.Win32.Zbot | 4.0.3.141123
Bitdefender | Gen:Variant.Symmi.48294 | 1.0.20.1635
Dr.Web | Trojan.PWS.Panda.655 | 9.0.1.0327
Emsisoft Anti-Malware | Gen:Variant.Symmi.48294 | 8.14.11.23.09
ESET NOD32 | Win32/Injector.BPOR (variant) | 8.10753
Fortinet FortiGate | W32/Zbot.UORG!tr | 11/23/2014
F-Secure | Gen:Variant.Symmi.48294 | 11.2014-23-11_1
G Data | Gen:Variant.Symmi.48294 | 14.11.24
IKARUS anti.virus | Trojan-Spy.Zbot | t3scan.1.8.3.0
Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.2903
Malwarebytes | Trojan.Zbot.FKZ | v2014.11.23.09
McAfee | PWSZbot-FAER!91C3EC45E62A | 5600.6938
MicroWorld eScan | Gen:Variant.Symmi.48294 | 15.0.0.981
NANO AntiVirus | Trojan.Win32.Zbot.djbzdb | 0.28.6.63474
Panda Antivirus | Trj/CI.A | 14.11.23.09
Qihoo 360 Security | Win32/Trojan.Spy.b01 | 1.0.0.1015
Quick Heal | VirTool.VBInject.LN3 | 11.14.14.00
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.141121
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | Suspicious_GEN.F47V1119 | 7.2.327
VIPRE Antivirus | Trojan.Win32.Generic | 34956

File size:
276 KB (282,624 bytes)

Product version:
0.00.0001

Original file name:
Familienfest.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\91\91c3ec45e62a1060beb3c43dde729280

File PE Metadata
Compilation timestamp:
11/16/2014 4:19:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:ZEptgtoYPrMD06O4ZtrlQOBsbrA0PWZPVZftyMsgaazsF6URG050p9JVnp/:4tgtosri02Bor/MVCMsxcsg0a5Vp

Entry address:
0x1350

Entry point:
68, 38, 6E, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 58, 02, 69, 70, A9, B9, F7, 49, 80, 19, E2, E9, 43, 0C, 84, 48, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 43, 61, 70, 74, 69, 6F, 52, 61, 64, 6D, 61, 67, 61, 7A, 69, 6E, 65, 6E, 36, 00, 3D, 20, 00, 00, 00, 00, FF, CC, 31, 00, 09, 4C, 8E, E2, F2, 70, 74, C5, 4D, B2, 64, 85, 09, B2, 2F, 60, ED, CB, F5, 0B, 30, D0, 32, 51, 4A, BD, 3E, CE, 03, 10, 87, 95, 46, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
Entropy:
6.7513

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
240 KB (245,760 bytes)
