{blocked}.exe

The executable {blocked}.exe has been detected as malware by 34 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from incitemarketing.ca.
MD5:
6f1d26e287356b92d583b2ad9f5cde2f

SHA-1:
393e8c5ad9c1675625862f73a5c626a86f5fbd02

SHA-256:
2e44652af50339f59c8581ccc6e63be9303c64b9145d3253f021189f72bb04ec

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
4/24/2024 5:12:56 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.478133 | 537
AhnLab V3 Security | Trojan/Win32.Ransomlock | 2015.07.07
Avira AntiVirus | TR/Spy.ZBot.rzoqoh | 8.3.1.6
Arcabit | Trojan.Kazy.D74BB5 | 1.0.0.425
avast! | Win32:Crypt-QTG [Trj] | 2014.9-150816
AVG | PSW.Generic12 | 2016.0.3015
Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.15816
Bitdefender | Gen:Variant.Kazy.478133 | 1.0.20.1140
Comodo Security | TrojWare.Win32.Injector.BALM | 22690
Dr.Web | Trojan.DownLoader11.20414 | 9.0.1.0228
Emsisoft Anti-Malware | Gen:Variant.Kazy.478133 | 8.15.08.16.10
ESET NOD32 | Win32/Injector.BBFI (variant) | 9.11899
Fortinet FortiGate | W32/Kryptik.BYE!tr | 8/16/2015
F-Secure | Gen:Variant.Kazy.478133 | 11.2015-16-08_1
G Data | Gen:Variant.Kazy.478133 | 15.8.25
IKARUS anti.virus | Virus.Win32.CeeInject | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.205.16474
Kaspersky | Trojan.Win32.Agent | 14.0.0.1570
Malwarebytes | Trojan.Agent.ED | v2015.08.16.10
McAfee | Generic-FAUT!6F1D26E28735 | 5600.6671
Microsoft Security Essentials | Trojan:Win32/Bagsu!rfn | 1.1.11804.0
MicroWorld eScan | Gen:Variant.Kazy.478133 | 16.0.0.684
NANO AntiVirus | Trojan.Win32.Zbot.cvyklt | 0.30.24.2487
Panda Antivirus | Trj/CI.A | 15.08.16.10
Qihoo 360 Security | Win32/Trojan.573 | 1.0.0.1015
Quick Heal | TrojanDownloader.Upatre.A4 | 8.15.14.00
Reason Heuristics | Threat.Win.Reputation.IMP | 15.12.23.0
Rising Antivirus | PE:Trojan.Win32.Generic.16A40730!379848496 | 23.00.65.15814
Sophos | Troj/HkMain-U | 4.98
Trend Micro House Call | TROJ_SPNV.03D914 | 7.2.228
Trend Micro | TROJ_SPNV.03D914 | 10.465.16
Vba32 AntiVirus | BScope.Malware-Cryptor.FCM.3514 | 3.12.26.4
VIPRE Antivirus | Trojan-Ransom.Win32.Crypren.pql | 41780
Zillya! Antivirus | Trojan.Agent.Win32.479641 | 2.0.0.2271

File size:
184 KB (188,416 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\photo_024.jpeg-2014-sexy.exe

File PE Metadata
Compilation timestamp:
3/22/2014 11:25:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
3072:X0HkvzLJa7uxMARwrvha0henC99VvSnP+IqPNnrB+OaDWfIy94SvaHGj:Xi2JoA+g3Y942IgnrDseIyikamj

Entry address:
0x4DE2

Entry point:
55, 8B, EC, 6A, FF, 68, 90, 7B, 40, 00, 68, 4C, 51, 90, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 90, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 74, 65, 40, 00, 59, 83, 90, 00, 96, 40, 00, FF, 83, 0D, 04, 96, 40, 00, FF, FF, 15, 70, 65, 40, 00, 8B, 0D, F4, 95, 40, 00, 89, 08, FF, 15, 6C, 65, 40, 00, 8B, 0D, F0, 95, 40, 00, 89, 08, A1, 68, 65, 40, 00, 8B, 00, A3, FC, 95, 40, 00, E8, F8, 02, 00, 00, 39, 1D, 10, 95, 40, 00, 75, 0C, 68, 48, 51, 40, 00, FF, 15...

Entropy:
7.4420

Developed / compiled with:
Microsoft Visual C++

Code size:
20 KB (20,480 bytes)

The file {blocked}.exe has been seen being distributed by the following URL.
