'fish tycoon'_is1.pif

Sanfoin unspelle quadrang angiohem

Heaventools Software

The file 'fish tycoon'_is1.pif, “Azaleast ironman' calcites windjam smithyin”, has been detected as malware by 28 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Symantec Corporation WInc.  (signed by Heaventools Software)

Product:
Sanfoin unspelle quadrang angiohem

Description:
Azaleast ironman' calcites windjam smithyin

Version:
5.05.0007

MD5:
ee2b1df42eaf97840151cbd09e94185b

SHA-1:
6750f2f2f7d238952886135d3fff43e8ab6eb69b

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/19/2024 1:23:49 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.Inject | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Stoberox | 2015.10.27 |
| Avira AntiVirus | TR/Dropper.VB.Gen8 | 8.3.2.2 |
| Arcabit | Trojan.Jatif.35 | 1.0.0.585 |
| avast! | Win32:Malware-gen | 2014.9-161228 |
| AVG | Generic35 | 2017.0.2516 |
| Bitdefender | Gen:Heur.Jatif.35 | 1.0.20.1815 |
| Comodo Security | UnclassifiedMalware | 23477 |
| Dr.Web | Trojan.Inject1.25849 | 9.0.1.0363 |
| Emsisoft Anti-Malware | Gen:Heur.Jatif.35 | 8.16.12.28.04 |
| ESET NOD32 | Win32/Injector.AQUH (variant) | 10.12467 |
| Fortinet FortiGate | W32/Inject.GNIU!tr | 12/28/2016 |
| F-Secure | Gen:Heur.Jatif.35 | 11.2016-28-12_4 |
| G Data | Gen:Heur.Jatif.35 | 16.12.25 |
| IKARUS anti.virus | Trojan.Win32.Stoberox | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.17652 |
| Kaspersky | Trojan.Win32.Inject | 14.0.0.-926 |
| Malwarebytes | Trojan.Zbot.FVS | v2016.12.28.04 |
| McAfee | Artemis!EE2B1DF42EAF | 5600.6172 |
| Microsoft Security Essentials | VirTool:Win32/Injector.gen!ER | 1.1.12205.0 |
| MicroWorld eScan | Gen:Heur.Jatif.35 | 17.0.0.1089 |
| NANO AntiVirus | Trojan.Win32.Inject.cmfqme | 0.30.26.3947 |
| Panda Antivirus | Trj/Dtcontx.I | 16.12.28.04 |
| Quick Heal | Trojan.Inject.r3 | 12.16.14.00 |
| Sophos | Mal/Generic-L | 4.98 |
| Total Defense | Win32/Tnega.XAFZ!suspicious | 37.1.62.1 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44826 |
| Zillya! Antivirus | Trojan.Inject.Win32.64043 | 2.0.0.2475 |

File size:
116.7 KB (119,489 bytes)

Product version:
5.05.0007

Original file name:
Tetragra ac.exe

Common path:
C:\Documents and Settings\{user}\Application data\'fish tycoon'_is1\'fish tycoon'_is1.pif

Digital Signature
Authority:
The USERTRUST Network

Valid from:
10/25/2007 3:00:00 AM

Valid to:
10/25/2009 2:59:59 AM

Subject:
CN=Heaventools Software, O=Heaventools Software, STREET=101-1001 West Broadway Dept. 381, L=Vancouver, S=BC, PostalCode=V6H4E4, C=CA

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
009F1730A374EFEA42ED0D1B504DA8F981

File PE Metadata
Compilation timestamp:
11/7/2013 11:50:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x4C7E0

Entry point:
60, BE, 00, 70, 43, 00, 8D, BE, 00, A0, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
88 KB (90,112 bytes)
