gpfmfs.exe

The executable gpfmfs.exe has been detected as malware by 38 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user run registry key under the display name ‘Gpfmfs’. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
4720dbe407b5f674a5fb8c5d8bb49587

SHA-1:
fb0526ff109d24987d825995842524a2434ee066

SHA-256:
66689c8f31434c951e07d18c3ff399896a402e3eddf760d9aac32906ab341486

Scanner detections:
38 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 1:13:27 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Virtob.Gen.12 | -40 |
| AhnLab V3 Security | Win32/Virut.E | 3.8.2.16 |
| Avira AntiVirus | W32/Virut.Gen | 8.3.3.4 |
| Arcabit | Win32.Virtob.Gen.12 | 1.0.0.792 |
| avast! | Win32:Vitro | 2014.9-170316 |
| AVG | Win32/Virut | 2018.0.2438 |
| Baidu Antivirus | Win32.Virus.Virut | 4.0.3.17316 |
| Bitdefender | Win32.Virtob.Gen.12 | 1.0.20.375 |
| Bkav FE | W32.Vetor.PE | 1.3.0.8455 |
| Clam AntiVirus | Win.Trojan.Agent-1221837 | 0.99.211 |
| Comodo Security | Virus.Win32.Virut.CE | 26341 |
| Dr.Web | Win32.Virut.56 | 9.0.1.075 |
| Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 8.17.03.16.09 |
| ESET NOD32 | Win32/Virut.NBP | 11.14667 |
| Fortinet FortiGate | W32/Zbot.AOV!tr | 3/16/2017 |
| F-Prot | W32/A-9182406e | v6.4.7.1.166 |
| F-Secure | Win32.Virtob.Gen.12 | 11.2017-16-03_5 |
| G Data | Win32.Virtob.Gen.12 | 17.3.25 |
| IKARUS anti.virus | Net-Worm.Win32.Cynic | 0.1.3.4 |
| K7 AntiVirus | Trojan | 13.246.21896 |
| Kaspersky | Virus.Win32.Virut | 14.0.0.-1317 |
| McAfee | W32/Virut.n.gen | 5600.6094 |
| Microsoft Security Essentials | Virus:Win32/Virut.EPO | 1.1.13303.0 |
| MicroWorld eScan | Win32.Virtob.Gen.12 | 18.0.0.225 |
| NANO AntiVirus | Trojan.Win32.ZPACK.bxpmay | 1.0.70.14200 |
| nProtect | Virus/W32.Virut.Gen | 16.12.26.04 |
| Panda Antivirus | W32/Sality.AO | 17.03.16.09 |
| Qihoo 360 Security | Virus.Win32.VirutChangeCall.J | 1.0.0.1120 |
| Quick Heal | W32.Virut.G | 3.17.14.00 |
| Rising Antivirus | Malware.Generic!fTzfOyT6P5V@2 (thunder) | 23.00.65.17314 |
| Sophos | W32/Scribble-B | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Zbot | 8532 |
| Total Defense | Win32/Virut.17408 | 37.1.62.1 |
| Trend Micro House Call | PE_VIRUX.Q-1 | 7.2.75 |
| Trend Micro | PE_VIRUX.Q-1 | 10.465.16 |
| Vba32 AntiVirus | SScope.Worm.Dorkbot.2113 | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Zbot.fdm | 54760 |
| ViRobot | Win32.Virut.Gen.C[h] | 2014.3.20.0 |

File size:
138.5 KB (141,824 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\microsoft\gpfmfs.exe

File PE Metadata
Compilation timestamp:
1/9/2006 9:40:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
4.0

Entry address:
0x1153F

Entry point:
55, 8B, EC, 83, C4, C0, 89, 55, C4, 03, 35, 48, B8, 41, 00, 01, 35, 58, 56, 41, 00, 2B, 3D, 58, 56, 41, 00, 29, 3D, 80, 66, 41, 00, 23, 15, D0, 3C, 41, 00, 01, 15, 44, 55, 41, 00, 03, 35, 58, 56, 41, 00, 21, 35, 44, 60, 41, 00, 03, 3D, 14, 33, 41, 00, 29, 3D, E4, 61, 41, 00, 03, 15, 80, 66, 41, 00, 29, 15, 80, 66, 41, 00, 2B, 05, 58, 56, 41, 00, 21, 05, 44, 55, 41, 00, 81, FE, B1, 00, 00, 00, 75, 12, 23, 1D, 48, B8, 41, 00, 01, 1D, 44, 55, 41, 00, EB, 31, 2A, 8C, 62, B7, 83, 3D, 48, B8, 41, 00, 00, 76, 24...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
70.5 KB (72,192 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Gpfmfs

Command:
C:\users\{user}\appdata\roaming\microsoft\gpfmfs.exe

