amoxibx.exe

The executable amoxibx.exe has been detected as malware by 33 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
1c8d35a915617adc0a1d828e0c286b9f

SHA-1:
46a0a44f56efa9bfc3f59883a550f161d6123688

SHA-256:
c27343ae2b45798fad4013eca7129b06f13d7717fdf60d529a5437426b9c69c7

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/24/2024 11:20:03 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Agent.BFHR | 865
Agnitum Outpost | Trojan.Kryptik | 7.1.1
AhnLab V3 Security | Dropper/Win32.Necurs | 2014.09.23
Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172
avast! | Win32:Trojan-gen | 140908-2
AVG | Trojan horse SHeur4.CBYF | 2014.0.4025
Bitdefender | Trojan.Agent.BFHR | 1.0.20.1325
Bkav FE | HW32.Paked | 1.3.0.4959
Clam AntiVirus | Win.Trojan.Agent-777282 | 0.98/19418
Comodo Security | TrojWare.Win32.Kryptik.CLDT | 19585
Dr.Web | Trojan.Siggen6.15132 | 9.0.1.05190
Emsisoft Anti-Malware | Trojan.Agent.BFHR | 8.14.09.22.02
ESET NOD32 | Win32/Kryptik.CLDT (variant) | 8.10448
Fortinet FortiGate | W32/Kryptik.VOOA!tr | 9/22/2014
F-Prot | W32/A-d603cd38 | v6.4.7.1.166
F-Secure | Trojan.Agent.BFHR | 11.2014-22-09_2
G Data | Trojan.Agent.BFHR | 14.9.24
IKARUS anti.virus | Trojan-Ransom.Win32.Blocker | t3scan.1.7.8.0
K7 AntiVirus | Trojan | 13.183.13451
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3212
Malwarebytes | Trojan.Zbot.EK | v2014.09.22.02
McAfee | PWSZbot-FADO!1C8D35A91561 | 5600.6999
Microsoft Security Essentials | Threat.Undefined | 1.185.769.0
MicroWorld eScan | Trojan.Agent.BFHR | 15.0.0.795
NANO AntiVirus | Trojan.Win32.XPACK.deytts | 0.28.2.62286
nProtect | Trojan.Agent.BFHR | 14.09.22.01
Panda Antivirus | Trj/Genetic.gen | 14.09.22.02
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14920
Sophos | Troj/Agent-AHQI | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Barys | 10344
Total Defense | Win32/Zbot.ZTMEATD | 37.0.11194
Vba32 AntiVirus | BScope.P2P-Worm.Palevo | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 32938

File size:
284.7 KB (291,578 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\syswow64\amoxibx.exe

File PE Metadata
Compilation timestamp:
7/15/2012 6:11:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:78Yie1C4KuIiapUe9M7VDVc7qXpTcHmGreFC4RRPhrllWVYKpl6Jy:78G1CAb6M7VDGq5T+co4Rjlwvl6Jy

Entry address:
0x12968

Entry point:
55, 8B, EC, 81, EC, 28, 02, 00, 00, B8, C6, 00, 00, 00, 89, 85, 70, FE, FF, FF, 53, 89, 85, 70, FE, FF, FF, 56, 89, 85, 70, FE, FF, FF, 57, 8B, 95, 70, FE, FF, FF, 89, 95, 1C, FE, FF, FF, 8B, 85, 1C, FE, FF, FF, 83, F8, 2C, 75, 0B, EB, 09, 83, EB, 8F, 89, 9D, B8, FE, FF, FF, 6A, 27, 6A, 00, FF, 15, 58, 62, 51, 00, 3B, 9D, 78, FE, FF, FF, 75, 3E, EB, 3C, 83, E3, 33, EB, 37, 2B, F9, EB, 33, 83, C2, 43, 3B, 95, 30, FE, FF, FF, 75, 28, BE, CA, 00, 00, 00, EB, 21, 81, C7, 00, 18, 0A, 08, B9, FE, 00, 00, 00, F7...

Entropy:
7.8708

Developed / compiled with:
Microsoft Visual C++

Code size:
163.5 KB (167,424 bytes)

Scheduled Task
Task name:
Security Center Update - 2860625476

Trigger:
Daily (Runs daily at 1:00)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin

