cute-spring-photo-collection-img001-jpeg.exe

The executable cute-spring-photo-collection-img001-jpeg.exe has been detected as malware by 32 of 68 anti-virus scanners. The listing describes it as a setup program, but the file name is built to pass for a JPEG photo: the real extension is .exe, and "-jpeg" is appended to the name so that a user whose system hides extensions takes it for an image. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. Several engines instead label the sample Lethic, Napolar or a generic injector, so treat the family attribution as approximate. The file has been seen being downloaded from catalog.chaosium.com.
MD5:
5b1c6f6d606335dd22207b0f5cb2af8c

SHA-1:
caa0b4c176493b165e8afc73b68b373056a6205d

SHA-256:
65a9637ef51d198ddbd9181360d49f7cb4608b8e825ef28bf66573d6aa57f878

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
5/4/2024 5:54:06 PM UTC

Scan engine                    | Detection                             | Engine version
Lavasoft Ad-Aware              | Gen:Variant.Lethic.1                  | 197
AegisLab AV Signature          | Backdoor.W32.Napolar.tf!c             | 2.1.4+
AhnLab V3 Security             | Spyware/Win32.Zbot.R101369            | 3.7.4.14
Arcabit                        | Trojan.Lethic.1                       | 1.0.0.741
AVG                            | Generic35                             | 2017.0.2675
Baidu Antivirus                | Win32.Trojan.WisdomEyes.151026.9950   | 4.0.3.16721
Bitdefender                    | Gen:Variant.Lethic.1                  | 1.0.20.1015
Bkav FE                        | W32.GenericEqsksoI.Trojan             | 1.3.0.8042
Comodo Security                | TrojWare.Win32.Injector.BAGD          | 25367
Dr.Web                         | Trojan.PWS.Panda.655                  | 9.0.1.0203
Emsisoft Anti-Malware          | Gen:Variant.Lethic                    | 8.16.07.21.02
ESET NOD32                     | Win32/Injector.BAUL (variant)         | 10.13736
Fortinet FortiGate             | W32/Zbot.AGV!tr.dldr                  | 7/21/2016
F-Secure                       | Gen:Variant.Lethic.1                  | 11.2016-21-07_5
G Data                         | Gen:Variant.Lethic                    | 16.7.25
IKARUS anti.virus              | Virus.Win32.CeeInject                 | t3scan.2.1.6.0
K7 AntiVirus                   | Trojan                                | 13.231.20100
Kaspersky                      | HEUR:Trojan.Win32.Generic             | 14.0.0.-128
Malwarebytes                   | Ransom.Agent.FC                       | v2016.07.21.02
McAfee                         | Generic-FAUT!5B1C6F6D6063             | 5600.6331
Microsoft Security Essentials  | Trojan:Win32/Napolar.A                | 1.1.12902.0
MicroWorld eScan               | Gen:Variant.Lethic.1                  | 17.0.0.609
NANO AntiVirus                 | Trojan.Win32.Diztakun.cvzoca          | 1.0.38.8984
Panda Antivirus                | Trj/Zbot.M                            | 16.07.21.02
Qihoo 360 Security             | QVM07.1.Malware.Gen                   | 1.0.0.1120
Quick Heal                     | TrojanPWS.Zbot.AP4                    | 7.16.14.00
Sophos                         | Mal/Ransom-CE                         | 4.98
Trend Micro House Call         | TROJ_SPNR.03DG14                      | 7.2.203
Trend Micro                    | TROJ_SPNR.03DG14                      | 10.465.21
Vba32 AntiVirus                | Trojan.Diztakun                       | 3.12.26.4
VIPRE Antivirus                | Trojan.Win32.Generic                  | 50522
Zillya! Antivirus              | Trojan.Injector.Win32.240510          | 2.0.0.2939

File size:
204 KB (208,896 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\cute-spring-photo-collection-img001-jpeg.exe

File PE Metadata
Compilation timestamp:
3/7/2014 6:51:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:g9CHo/mBlVXlVKTKX780nRUoIrkbkBue4pqIMWfJhHl4+7hEhwqEOFNv0L7tyNrk:YCv3LdnRRgAeu1pqgfJhG6mFNv0Loh1W

Entry address:
0x9870

Entry point:
55, 8B, EC, 6A, FF, 68, 78, C7, 40, 00, 68, F6, 99, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, B4, B5, 40, 00, 59, 83, 0D, 2C, E4, 40, 00, FF, 83, 0D, 30, E4, 40, 00, FF, FF, 15, B0, B5, 40, 00, 8B, 0D, 20, E4, 40, 00, 89, 08, FF, 15, F8, B5, 40, 00, 8B, 0D, 1C, E4, 40, 00, 89, 08, A1, C0, B5, 40, 00, 8B, 00, A3, 28, E4, 40, 00, E8, 16, 01, 00, 00, 39, 1D, 30, E2, 40, 00, 75, 0C, 68, F2, 99, 40, 00, FF, 15, C4, B5...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
40 KB (40,960 bytes)
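
The PE metadata fields above (compile timestamp, OS and linker version, subsystem, entry address, code size) are read straight out of the IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER32, and the quoted entry-point bytes are the standard SEH prologue that the Visual C++ 6.0 CRT entry stub begins with. The following is an added example, not code from the listing or its vendor. Because the sample itself is not available here, build_page_header() fabricates a minimal MZ/PE header carrying the values the page reports; the section count, image base, alignments and other filler fields are assumptions. parse_pe() works unchanged on the bytes of any real 32-bit PE file.

```python
"""Read the PE metadata fields listed above from a file's headers.

Added example, not code from the original listing. We do not have the
sample itself, so build_page_header() fabricates a minimal MZ/PE header
that carries the values the page reports (entry point 0x9870, linker
6.0, OS version 4.0, Windows GUI subsystem, code size 40,960 bytes,
compile time 2014-03-07 18:51:06 UTC); the section count, image base
and other filler values are assumptions. parse_pe() itself reads any
real 32-bit PE file (open(path, "rb").read()).
"""
import calendar
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# IMAGE_OPTIONAL_HEADER32 without the data directories (96 bytes).
OPT_FMT = "<HBB9I6H4I2H4I2I"

# Function prologue the VC6 CRT entry stub starts with:
#   push ebp; mov ebp,esp; push -1; push <handler>; push <scope table>;
#   mov eax,fs:[0]; push eax; mov fs:[0],esp
# None marks the two four-byte immediates that differ per binary.
MSVC_SEH_PROLOGUE = (
    [0x55, 0x8B, 0xEC, 0x6A, 0xFF, 0x68] + [None] * 4
    + [0x68] + [None] * 4
    + [0x64, 0xA1, 0, 0, 0, 0, 0x50, 0x64, 0x89, 0x25, 0, 0, 0, 0]
)

# First 35 entry-point bytes as quoted on the page.
PAGE_ENTRY_BYTES = bytes.fromhex(
    "558BEC6AFF6878C7400068F699400064A1000000005064892500000000"
    "83EC68535657"
)

# 3/7/2014 6:51:06 PM UTC, as listed above, as a Unix timestamp.
PAGE_COMPILE_TS = calendar.timegm((2014, 3, 7, 18, 51, 6, 0, 0, 0))


def matches_prologue(code: bytes, pattern=MSVC_SEH_PROLOGUE) -> bool:
    """Wildcard byte match of `pattern` at the start of `code`."""
    if len(code) < len(pattern):
        return False
    return all(p is None or p == b for p, b in zip(pattern, code))


def parse_pe(data: bytes) -> dict:
    """Extract the header fields this listing reports from PE32 bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, ...
    machine, _nsect, stamp, _, _, _opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = struct.unpack_from(OPT_FMT, data, e_lfanew + 24)
    if opt[0] != 0x10B or machine != 0x014C:
        raise ValueError("only PE32 / i386 images are handled here")
    compiled = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {
        "bitness": "Win32",
        "compile_time": compiled.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{opt[1]}.{opt[2]}",
        "code_size": opt[3],
        "entry_rva": opt[6],
        "os_version": f"{opt[12]}.{opt[13]}",
        "subsystem": SUBSYSTEMS.get(opt[22], f"unknown ({opt[22]})"),
    }


def build_page_header(timestamp: int = PAGE_COMPILE_TS, entry_rva: int = 0x9870,
                      linker=(6, 0), os_version=(4, 0), subsystem: int = 2,
                      code_size: int = 40960) -> bytes:
    """Constructed MZ + PE header carrying the page's values (no sections, no code)."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)          # e_lfanew -> "PE\0\0" at 0x80
    coff = struct.pack("<HHIIIHH", 0x014C, 3, timestamp, 0, 0, 224, 0x010F)
    opt = struct.pack(
        OPT_FMT, 0x10B, linker[0], linker[1],
        code_size, 0x2000, 0, entry_rva, 0x1000, 0xB000,   # sizes, entry, bases (filler)
        0x400000, 0x1000, 0x1000,                           # ImageBase, alignments (filler)
        os_version[0], os_version[1], 0, 0, 4, 0,           # OS / image / subsystem versions
        0, 0x10000, 0x1000, 0,                              # Win32VersionValue .. CheckSum
        subsystem, 0,                                       # Subsystem, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000,                 # stack / heap reserve and commit
        0, 16)                                              # LoaderFlags, NumberOfRvaAndSizes
    return bytes(dos) + b"PE\x00\x00" + coff + opt + b"\x00" * 128  # 16 empty directories


def analyze_page_sample() -> dict:
    """Parse the constructed header and test the quoted entry bytes for the VC6 prologue."""
    info = parse_pe(build_page_header())
    info["msvc_seh_prologue"] = matches_prologue(PAGE_ENTRY_BYTES)
    return info


if __name__ == "__main__":
    for key, value in analyze_page_sample().items():
        print(f"{key:>18}: {value}")
```

Both the compile timestamp and the linker version are plain header fields that a packer or the author can set to anything, so read them as corroboration of the "Developed / compiled with" line rather than as proof; the prologue match likewise says only that the code at the entry address looks like an unpacked MSVC 6 CRT stub, which is consistent with the Visual C++ v6.0 attribution above but would also be true of any VC6-built dropper.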

The file cute-spring-photo-collection-img001-jpeg.exe has been seen being distributed from catalog.chaosium.com, the download source noted above.

Remove cute-spring-photo-collection-img001-jpeg.exe - Powered by Reason Core Security