de2377f350909e452924885186bcd2ac.exe

CJSC Computing Forces

The executable de2377f350909e452924885186bcd2ac.exe has been detected as malware by 26 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
TXRX 2014 Inc.  (signed by CJSC Computing Forces)

Product:
TXRX 2014 Inc.

Version:
1.03.0004

MD5:
de2377f350909e452924885186bcd2ac

SHA-1:
9024dc8cb5f86e4e9c5ab2b714f8b6641024ba0d

SHA-256:
00d27a21ea9aceb56109de6a1222e0aead1a6b2ef597831c51dd8c19aa737596

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
11/18/2025 3:58:05 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.164768
342

Agnitum Outpost
Trojan.Boaxxe
7.1.1

Avira AntiVirus
TR/Dropper.VB.37325
8.3.2.2

Arcabit
Trojan.Zusy.D283A0
1.0.0.582

avast!
Win32:Malware-gen
2014.9-160228

AVG
Atros2
2017.0.2820

Bitdefender
Gen:Variant.Zusy.164768
1.0.20.295

Dr.Web
Trojan.Siggen6.23087
9.0.1.059

Emsisoft Anti-Malware
Gen:Variant.Zusy.164768
8.16.02.28.04

ESET NOD32
Win32/Boaxxe.BR
10.12383

Fortinet FortiGate
W32/Boaxxe.AI!tr
2/28/2016

F-Secure
Gen:Variant.Zusy.164768
11.2016-28-02_1

G Data
Gen:Variant.Zusy.164768
16.2.25

IKARUS anti.virus
Trojan.Win32.Injector
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.210.17485

Malwarebytes
Trojan.Agent.VB
v2016.02.28.04

Microsoft Security Essentials
Trojan:Win32/Miuref.F
1.1.12101.0

MicroWorld eScan
Gen:Variant.Zusy.164768
17.0.0.177

Panda Antivirus
Trj/Genetic.gen
16.02.28.04

Quick Heal
TrojanPWS.Zbot.VA3
2.16.14.00

Rising Antivirus
PE:Malware.RDM.24!5.1E[F1]
23.00.65.16226

Sophos
Troj/Miuref-AI
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Dropper
9297

Trend Micro
TROJ_GEN.R08NC0DJ815
10.465.28

VIPRE Antivirus
Trojan.Win32.Generic
44414

ViRobot
Trojan.Win32.Agent.140816.A[h]
2014.3.20.0

File size:
137.5 KB (140,816 bytes)

Product version:
1.03.0004

Original file name:
TXRX 2014 Inc..exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\de2377f350909e452924885186bcd2ac.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/10/2013 7:00:00 AM

Valid to:
10/20/2015 6:59:59 AM

Subject:
CN=CJSC Computing Forces, OU=IT, O=CJSC Computing Forces, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4A5647FCC7D6193E773D1EE0D01F40E4

File PE Metadata
Compilation timestamp:
10/2/2015 3:31:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:gkSfA6ls509+YPKZwM61/gDdlXhQyYndFQui:gvI6lsDYgA47hMzK

Entry address:
0x12CC

Entry point:
68, 44, 38, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 6F, 3F, 34, BF, FA, 46, 6B, 4B, 8E, 68, 8A, AE, 10, 98, AD, 91, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, D8, 0C, 2B, 00, 4A, 75, 6E, 67, 65, 00, 2A, 00, 00, 00, 00, 00, FF, CC, 31, 00, 06, EC, 99, A4, DF, EC, 0D, 64, 48, 8A, EC, 10, 12, 72, AD, EA, 8C, 00, 61, DF, 0C, C6, 90, 13, 49, A9, 7F, E3, 62, B6, 5D, 72, A1, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Entropy:
6.9531

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
120 KB (122,880 bytes)
