ceyxvo.exe

Lucid Software

The executable ceyxvo.exe (description: “rz27U0za4 90adddef”) has been detected as malware by 30 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Lucid Software

Description:
rz27U0za4 90adddef

Version:
2 8.515 521

MD5:
3b5554995df0930dd314ebdd265d5621

SHA-1:
492ca22b3d1d5a529edf7c73f871583ea41ef325

SHA-256:
50f824abf1d02b78dd6801ba54ffba8d179bffb62c254ebe7b702eb34b428c59

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/26/2024 7:46:51 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Agent.BFLC | 866 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Zbot | 2014.09.20 |
| Avira AntiVirus | TR/Spy.ZBot.ikyt | 7.11.173.122 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-140922 |
| AVG | Trojan horse Agent4 | 2015.0.3344 |
| Bitdefender | Trojan.Agent.BFLC | 1.0.20.1325 |
| Bkav FE | HW32.Paked | 1.3.0.4959 |
| Emsisoft Anti-Malware | Trojan.Agent.BFLC | 8.14.09.22.11 |
| ESET NOD32 | Win32/Spy.Zbot.ABP | 8.10444 |
| Fortinet FortiGate | W32/Yakes.GAKM!tr | 9/22/2014 |
| F-Secure | Trojan.Agent.BFLC | 11.2014-22-09_2 |
| G Data | Trojan.Agent.BFLC | 14.9.24 |
| K7 AntiVirus | Trojan | 13.183.13432 |
| Kaspersky | Trojan-Ransom.Win32.Blocker | 14.0.0.3213 |
| Malwarebytes | Trojan.Agent | v2014.09.22.11 |
| McAfee | PWSZbot-FADF!D9A9EA3640A6 | 5600.7000 |
| Microsoft Security Essentials | PWS:Win32/Zbot | 1.11005 |
| MicroWorld eScan | Trojan.Agent.BFLC | 15.0.0.795 |
| NANO AntiVirus | Trojan.Win32.Blocker.dfgnyy | 0.28.2.62151 |
| nProtect | Trojan.Agent.BFLC | 14.09.19.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.22.11 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.22.11 |
| Sophos | Troj/Agent-AIYE | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Swizzor | 10344 |
| Total Defense | Win32/Zbot.bBPeKMD | 37.0.11194 |
| Trend Micro House Call | TROJ_FORUCON.BMC | 7.2.265 |
| Trend Micro | TROJ_FORUCON.BMC | 10.465.22 |
| VIPRE Antivirus | Threat.4150696 | 32938 |
| Zillya! Antivirus | Trojan.Blocker.Win32.22148 | 2.0.0.1929 |

File size:
336.5 KB (344,576 bytes)

Product version:
2 8.515 521

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\syswow64\ceyxvo.exe

File PE Metadata
Compilation timestamp:
9/16/2014 6:55:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:/SBPmpS+WFqO6hUviwDIU/DzOPPlc+qYa7bKjHNk7fMlTr3ckejeAM1Okx:K4khruUXISDzGPlXS7bgkQley

Entry address:
0x12E84

Entry point:
55, 8B, EC, 6A, FF, 68, E8, 43, 41, 00, 68, 70, 30, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, AC, 40, 41, 00, 59, 83, 0D, 84, 38, 53, 00, FF, 83, 0D, 88, 38, 53, 00, FF, FF, 15, B0, 40, 41, 00, 8B, 0D, 80, 38, 53, 00, 89, 08, FF, 15, B4, 40, 41, 00, 8B, 0D, 7C, 38, 53, 00, 89, 08, A1, B8, 40, 41, 00, 8B, 00, A3, 8C, 38, 53, 00, E8, 28, 01, 00, 00, 39, 1D, 64, 68, 41, 00, 75, 0C, 68, 18, 30, 41, 00, FF, 15, DC, 40...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
76 KB (77,824 bytes)

Scheduled Task
Task name:
Security Center Update - 4096279086

Trigger:
Daily (Runs daily at 18:00)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin

