» {d24b9627-4edc-d92d-a308-d4a0628ec87d}-temp245105738.exe
Overview
Analysis
File Details

{d24b9627-4edc-d92d-a308-d4a0628ec87d}-temp245105738.exe

The executable {d24b9627-4edc-d92d-a308-d4a0628ec87d}-temp245105738.exe has been detected as malware by 16 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

MD5:

0ff9666c23f55e39ef4f9fee8bca4bf9

SHA-1:

bfd0e62f2a04b43f7004ab48d76c61cebb7aa0d3

SHA-256:

6fab59a1251908d4d2aee44b998767374762b3be2ef64e4b5c0f39e363c7c896

Scanner detections:

16 / 68

Status:

Malware

Analysis date:

4/24/2024 2:53:58 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zbot.166

5876023

Avira AntiVirus

TR/Crypt.XPACK.Gen2

7.11.30.172

Arcabit

Trojan.Zbot.166

1.0.0.425

AVG

Inject2

2016.0.3029

Bitdefender

Gen:Variant.Zbot.166

1.0.20.1070

Dr.Web

Trojan.DownLoader14.60960

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Zbot.166

10.0.0.5366

F-Secure

Gen:Variant.Zbot.166

5.14.151

G Data

Gen:Variant.Zbot.166

15.8.25

IKARUS anti.virus

Trojan.Win32.Injector

t3scan.1.9.5.0

Kaspersky

Backdoor.Win32.Hlux

15.0.0.543

MicroWorld eScan

Gen:Variant.Zbot.166

16.0.0.642

NANO AntiVirus

Trojan.Win32.Winlock.dtpbai

0.30.24.2668

Norman

Gen:Variant.Zbot.166

07.07.2015 03:10:29

Sophos

Mal/Zbot-TY

4.98

Vba32 AntiVirus

Backdoor.Hlux

3.12.26.4

File size:

1 MB (1,068,601 bytes)

File type:

Executable application (Win64 EXE)

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

24576:OYA9oumDUCirHxj7J9iJ7v7DwsI3+6bJUfLGL02FWP229isxwi+:OQvDUCiUzDw4HjGL0qj299xwi+

Entry point:

B2, A5, 6F, FF, FC, FF, FF, FF, FB, FF, FF, FF, 00, 00, FF, FF, 47, FF, FF, FF, FF, FF, FF, FF, BF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, 07, FF, FF, FF, F1, E0, 45, F1, FF, 4B, F6, 32, DE, 47, FE, B3, 32, DE, AB, 97, 96, 8C, DF, 8F, 8D, 90, 98, 8D, 9E, 92, DF, 9C, 9E, 91, 91, 90, 8B, DF, 9D, 9A, DF, 8D, 8A, 91, DF, 96, 91, DF, BB, B0, AC, DF, 92, 90, 9B, 9A, D1, F2, F2, F5, DB, FF, FF, FF, FF, FF, FF, FF... 
[+]

Entropy:

7.9685 (probably packed)

Remove {d24b9627-4edc-d92d-a308-d4a0628ec87d}-temp245105738.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.