скайп)album_shared_001.jpg.exe

Matrix

The executable скайп)album_shared_001.jpg.exe has been detected as malware by 33 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from www.disaronno.com.
Product:
Matrix

Description:
Matrix

Version:
1, 0, 0, 1

MD5:
cf2145451269c57e9e5ff7ba946f3bdb

SHA-1:
78c5fc4df520f2ef2be02a1f4a44724745dcede0

SHA-256:
8882c03fad9ec1bab5008b65dc4ead61a0857ba4fa3cd79964539feaf35a6521

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/26/2024 10:50:43 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1672515 | 912 |
| Agnitum Outpost | Trojan.Sharik | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Xema | 2014.05.26 |
| Avira AntiVirus | TR/Crypt.ZPACK.79042 | 7.11.151.104 |
| avast! | Win32:Zbot-TRI [Trj] | 2014.9-140806 |
| AVG | Zbot | 2015.0.3390 |
| Baidu Antivirus | Trojan.Win32.Sharik | 4.0.3.1486 |
| Bitdefender | Trojan.GenericKD.1672515 | 1.0.20.1090 |
| Bkav FE | W32.DropperAmuquizR.Trojan | 1.3.0.4959 |
| Dr.Web | Trojan.PWS.Panda.5676 | 9.0.1.0218 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1672515 | 8.14.08.06.03 |
| ESET NOD32 | Win32/Injector.BDLQ (variant) | 8.9848 |
| Fortinet FortiGate | W32/Sharik.BDKK!tr | 8/6/2014 |
| F-Secure | Trojan.GenericKD.1672515 | 11.2014-06-08_4 |
| G Data | Trojan.GenericKD.1672515 | 14.8.24 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Dofoil | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.178.12184 |
| Kaspersky | Trojan.Win32.Sharik | 14.0.0.3447 |
| Malwarebytes | Spyware.Zbot.ED | v2014.08.06.03 |
| McAfee | PWSZbot-FDU | 5600.7046 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Dofoil.T | 1.10600 |
| MicroWorld eScan | Trojan.GenericKD.1672515 | 15.0.0.654 |
| NANO AntiVirus | Trojan.Win32.Inject.cxonzm | 0.28.0.59921 |
| Norman | Small.SUIJ | 11.20140806 |
| nProtect | Trojan.GenericKD.1672515 | 14.05.25.01 |
| Panda Antivirus | Trj/CI.A | 14.08.06.03 |
| Qihoo 360 Security | Win32/Trojan.ff5 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.8.6.15 |
| Sophos | Mal/Zbot-QU | 4.98 |
| Trend Micro House Call | TROJ_SPNR.09EE14 | 7.2.218 |
| Trend Micro | TROJ_SPNR.09EE14 | 10.465.06 |
| Vba32 AntiVirus | Trojan.Inject | 3.12.26.0 |
| VIPRE Antivirus | Trojan-Downloader.Win32.Dofoil | 29596 |

File size:
96 KB (98,304 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2014

Original file name:
Matrix.exe

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
4/30/2014 9:05:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:LwjPz5wS8WLQ1g21f0AUbcupKwBvIGSGfX+98k9rkj0D:LwDz5j8/wRpKwBvIGSGf+98QkQD

Entry address:
0x5015

Entry point:
55, 8B, EC, 90, 8B, 0D, 90, A0, 40, 00, 33, C0, 85, C9, 74, 08, 56, E8, 82, 00, 00, 00, 90, 59, C3, C3, 50, E8, CB, C0, FF, FF, 50, 6A, 02, DC, 25, B0, 1C, 43, 00, DC, 0D, A8, 1C, 43, 00, DC, 05, 88, 1C, 43, 00, DF, 7D, F4, 8B, 45, F4, 8B, 4D, F8, 89, 45, EC, 89, 4D, F0, E8, 1D, 04, 00, 00, 83, C4, 0C, 8B, F0, E8, A1, 04, 00, 00, 8D, 45, EC, 50, E8, 8E, 00, 00, 00, 59, 50, 53, 8D, 45, D0, 6A, 14, 50, E8, BA, FF, FF, FF, 6A, 02, E8, F5, 03, 00, 00, 83, C4, 14, FF, 48, 1C, 11, FF, 15, E0, 67, 40, 00, 8D, 45...
 

Entropy:
6.7335

Developed / compiled with:
Microsoft Visual C++

Code size:
28 KB (28,672 bytes)

The file скайп)album_shared_001.jpg.exe has been seen being distributed by the following URL.
