» b035af2e06aaaab59d210c5c15e14181_141824.npb
Overview
Analysis
File Details

b035af2e06aaaab59d210c5c15e14181_141824.npb

The file b035af2e06aaaab59d210c5c15e14181_141824.npb has been detected as malware by 33 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

MD5:

b035af2e06aaaab59d210c5c15e14181

SHA-1:

4b5088924d5ccfdf7837b4b8be2998c01076497b

SHA-256:

7e2fd544aab66f3c6fecf9152b06b8e9fbc7569ecef4fc87370ccc488453b9c6

Scanner detections:

33 / 68

Status:

Malware

Analysis date:

2/7/2026 3:01:29 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Heur.Zygug.5

-39

Agnitum Outpost

Backdoor.Androm

7.1.1

AhnLab V3 Security

Trojan/Win32.Zbot

2014.02.22

Avira AntiVirus

Worm/Dorkbot.I.1600

7.11.133.30

avast!

Win32:Downloader-TNV [Trj]

2014.9-170315

AVG

SHeur4

2018.0.2439

Bitdefender

Gen:Heur.Zygug.5

1.0.20.370

Bkav FE

W32.GalorenK.Trojan

1.3.0.4924

Comodo Security

TrojWare.Win32.Kryptik.BDBC

17826

Dr.Web

BackDoor.IRC.NgrBot.146

9.0.1.074

Emsisoft Anti-Malware

Gen:Heur.Zygug

8.17.03.15.05

ESET NOD32

Win32/Dorkbot

11.9456

Fortinet FortiGate

W32/Zbot.AOV!tr

3/15/2017

F-Secure

Gen:Heur.Zygug.5

11.2017-15-03_4

G Data

Gen:Heur.Zygug

17.3.24

IKARUS anti.virus

Worm.Win32.Luder

t3scan.2.2.29

K7 AntiVirus

Trojan

13.176.11239

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.-1311

Malwarebytes

Spyware.Zbot.ED

v2017.03.15.05

McAfee

PWS-Zbot-FBDR!B035AF2E06AA

5600.6095

Microsoft Security Essentials

Worm:Win32/Dorkbot.I

1.10302

MicroWorld eScan

Gen:Heur.Zygug.5

18.0.0.222

NANO AntiVirus

Trojan.Win32.NgrBot.cqkyve

0.28.0.57630

Norman

Dorkbot.GUU

11.20170315

Panda Antivirus

W32/Dorkbot.A.worm

17.03.15.05

Qihoo 360 Security

Malware.QVM19.Gen

1.0.0.1015

Quick Heal

Worm.Dorkbot

3.17.12.00

Rising Antivirus

PE:Worm.Dorkbot!6.65E

23.00.65.17313

Sophos

Mal/EncPk-AKC

4.97

SUPERAntiSpyware

Trojan.Agent/Gen-Zbot

8535

Total Defense

Win32/Dorkbot.EOPHHJD

37.0.10776

Vba32 AntiVirus

BScope.Backdoor.Andr.3113

3.12.24.3

VIPRE Antivirus

Trojan.Win32.Generic

26722

File size:

138.5 KB (141,824 bytes)

Language:

English (United States)

Common path:

C:\ProgramData\net protector\npbkp\b035af2e06aaaab59d210c5c15e14181_141824.npb

File PE Metadata

Compilation timestamp:

5/30/2011 6:14:09 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

4.0

Entry address:

0x13F8C

Entry point:

55, 8B, EC, 83, C4, CC, 23, 0D, 1C, ED, 41, 00, 01, 0D, B0, E8, 41, 00, 89, 55, D0, 23, 3D, 08, 68, 42, 00, 01, 3D, CC, BF, 41, 00, 03, 35, 20, BF, 41, 00, 29, 35, 48, E0, 41, 00, F7, C1, 00, 80, 00, 82, 75, 06, EB, 1C, 92, 63, EC, 07, 81, 3D, 38, CB, 41, 00, 00, 00, 00, 69, 73, 0C, 03, 1D, 1C, ED, 41, 00, 21, 1D, 48, E0, 41, 00, 23, 3D, 38, CB, 41, 00, 29, 3D, 20, BF, 41, 00, 03, 15, B0, E8, 41, 00, 29, 15, B0, E8, 41, 00, 23, 0D, 08, 68, 42, 00, 21, 0D, 5C, F7, 41, 00, 23, 05, B0, E8, 41, 00, 01, 05, 1C... 
[+]

Entropy:

6.9338

Developed / compiled with:

Microsoft Visual C++

Code size:

86.5 KB (88,576 bytes)

Remove b035af2e06aaaab59d210c5c15e14181_141824.npb - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.