chja.dll

The library chja.dll has been detected as malware by 27 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

MD5:
9ebe1e70e1d4c86914c91fecbc9304bd

SHA-1:
994110243fac2d4a0f6802ab7e0a305ecee314f6

SHA-256:
5629e44f4a14083a669bc3f56d3879863f50c57eb4669ca2e051477681ffeef0

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/26/2024 7:53:46 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.405494 | 918 |
| Avira AntiVirus | TR/Zbot.A.975 | 7.11.163.230 |
| avast! | Win32:Malware-gen | 2014.9-140731 |
| AVG | PSW.Generic12 | 2015.0.3396 |
| Baidu Antivirus | Trojan.Win32.Generik.BFLUCVOY | 4.0.3.14731 |
| Bitdefender | Gen:Variant.Kazy.405494 | 1.0.20.1060 |
| Bkav FE | HW32.Laneul | 1.3.0.4959 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.405494 | 8.14.07.31.02 |
| ESET NOD32 | Generik.FLUCVOY (variant) | 8.10149 |
| Fortinet FortiGate | W32/Zbot.TNPD!tr | 7/31/2014 |
| F-Secure | Gen:Variant.Kazy.405494 | 11.2014-31-07_5 |
| G Data | Gen:Variant.Kazy.405494 | 14.7.24 |
| IKARUS anti.virus | Trojan-Spy.Win32.Zbot | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.181.12834 |
| Malwarebytes | Trojan.Cryptor | v2014.07.31.02 |
| McAfee | RDN/Generic PWS.y!b2k | 5600.7052 |
| Microsoft Security Essentials | PWS:Win32/Zbot | 1.10802 |
| MicroWorld eScan | Gen:Variant.Kazy.405494 | 15.0.0.636 |
| NANO AntiVirus | Trojan.Win32.Zbot.dcizxe | 0.28.2.60990 |
| Norman | Troj_Generic.UZRKJ | 11.20140731 |
| Panda Antivirus | Trj/CI.A | 14.07.31.02 |
| Qihoo 360 Security | Win32/Trojan.Spy.481 | 1.0.0.1015 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14729 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0DGJ14 | 7.2.212 |
| Trend Micro | TROJ_GEN.R0CBC0DGJ14 | 10.465.31 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31574 |

File size:
350 KB (358,400 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\chja.dll

File PE Metadata
Compilation timestamp:
3/27/2014 3:41:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:Hj+AIwPxffoGAM4fPea4u/gZyUqtkRWN2SI:HjywPFfoGnuWa4wg47kkdI

Entry address:
0xC51E

Entry point:
55, 8B, EC, 83, EC, 6C, C7, 45, 9C, 04, 00, 00, 00, EB, 07, 8B, 45, 9C, 40, 89, 45, 9C, 83, 7D, 9C, 09, 77, 14, 8B, 45, 9C, 8B, 0D, 14, 78, 44, 00, 8D, 44, 01, FE, A3, 14, 78, 44, 00, EB, DF, C7, 45, B8, 46, 00, 00, 00, A1, A0, 41, 43, 00, 89, 45, C0, C7, 45, A4, 98, 64, 44, 00, C7, 05, 50, 78, 44, 00, D4, 03, 00, 00, C7, 45, C8, A8, 58, 44, 00, 8B, 45, A4, 83, C0, 6F, 89, 45, B0, 8B, 45, C0, 89, 45, C4, C7, 45, A0, CC, A0, 43, 00, 81, 7D, C0, 52, 1E, 00, 00, 76, 0D, A1, D8, E4, 43, 00, 83, C0, 04, 89, 45...
 

Entropy:
6.1328

Developed / compiled with:
Microsoft Visual C++

Code size:
190 KB (194,560 bytes)
