home

fourengine.exe

ASUSTeK Computer Inc.

The executable fourengine.exe has been detected as malware by 38 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
ASUSTeK Computer Inc.

Version:
1.0.1.0

MD5:
a29d996c00ecc1a019b442b043287f54

SHA-1:
4a1a3cf16dadbb6868ba392802ad5038c9f22788

SHA-256:
7ecae19a827f2daa2478d748ec9120417dcc7a85bd68adcf44ec4f05b92dae50

Scanner detections:
38 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 3:31:37 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Ramnit
827

AegisLab AV Signature
W32.Nimnul
2.1.4+

Agnitum Outpost
Win32.Ramnit.Gen.3
7.1.1

AhnLab V3 Security
Win32/Ramnit.B
2014.10.31

Avira AntiVirus
W32/Ramnit.A
7.11.182.116

avast!
Win32:RmnDrp
2014.9-141030

AVG
Win32/Zbot.A
2015.0.3305

Baidu Antivirus
Virus.Win32.Nimnul.$a
4.0.3.141030

Bitdefender
Win32.Ramnit
1.0.20.1515

Bkav FE
W32.RammitNNA.PE
1.3.0.6185

Comodo Security
Virus.Win32.Ramnit.A
19945

Dr.Web
Win32.Rmnet
9.0.1.0303

Emsisoft Anti-Malware
Win32.Ramnit
8.14.10.30.08

ESET NOD32
Win32/Ramnit
8.10646

Fortinet FortiGate
W32/Ramnit.C
10/30/2014

F-Prot
W32/Ramnit.B
v6.4.7.1.166

F-Secure
Win32.Ramnit
11.2014-30-10_5

G Data
Win32.Ramnit
14.10.24

IKARUS anti.virus
Virus.Win32.Ramnit
t3scan.1.8.3.0

K7 AntiVirus
Virus
13.185.13853

Kaspersky
Virus.Win32.Nimnul
14.0.0.3021

McAfee
W32/Ramnit.a
5600.6961

Microsoft Security Essentials
Virus:Win32/Ramnit.A
1.11104

MicroWorld eScan
Win32.Ramnit
15.0.0.909

NANO AntiVirus
Virus.Win32.Nimnul.bpchjo
0.28.6.62995

Norman
Krap.XK
11.20141030

nProtect
Win32.Ramnit
14.10.30.01

Qihoo 360 Security
Virus.Win32.Ramnit.B
1.0.0.1015

Quick Heal
W32.Ramnit.A
10.14.14.00

Rising Antivirus
PE:Win32.Ramnit.a!1590234
23.00.65.141028

Sophos
W32/Patched-I
4.98

Total Defense
Win32/Ramnit.A
37.0.11255

Trend Micro House Call
PE_RAMNIT.H
7.2.303

Trend Micro
PE_RAMNIT.H
10.465.30

Vba32 AntiVirus
Virus.Win32.Nimnul.a
3.12.26.3

VIPRE Antivirus
Virus.Win32.Ramnit.a
34378

ViRobot
Win32.Ramnit.E
2011.4.7.4223

Zillya! Antivirus
Virus.Nimnul.Win32.2
2.0.0.1973

File size:
5.6 MB (5,880,320 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\Program Files\asus\epu-4 engine\fourengine.exe

File PE Metadata
Compilation timestamp:
10/15/2009 1:08:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
98304:SoabWAPxUnzrdKG5MqqqtqAGu1Zuft4ggLGdvqqqQ3CQ3CN67emtUg9qd+SZGFH6:SGzrdKG5MqqqtqAGu1ZuGggLGdvqqqQR

Entry address:
0x597000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 32, 6F, 01, 20, 2B, 85, 50, 72, 01, 20, 89, 85, 4C, 72, 01, 20, B0, 00, 86, 85, 9E, 74, 01, 20, 3C, 01, 0F, 85, DE, 02, 00, 00, 8B, 85, 4C, 72, 01, 20, 2B, 85, 58, 72, 01, 20, 8B, 00, 89, 85, EA, 73, 01, 20, 8B, 85, 4C, 72, 01, 20, 2B, 85, 5C, 72, 01, 20, 8B, 00, 89, 85, F2, 73, 01, 20, 83, BD, F2, 73, 01, 20, 00, 0F, 84, A9, 02, 00, 00, 83, BD, EA, 73, 01, 20, 00, 0F, 84, 9C, 02, 00, 00, 8D, 85, 8D, 74, 01, 20, 50, FF, 95, EA, 73, 01, 20, 83, F8, 00, 0F, 84, 86...
 
[+]

Entropy:
7.6091

Packer / compiler:
ASPack v1.08.04

Code size:
724 KB (741,376 bytes)

Scheduled Task
Task name:
ASUS SIX Engine

Path:
\ASUS\ASUS SIX Engine

Trigger:
Logon (Runs on logon)


Remove fourengine.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.