Handstone.exe

Grundy

FUTUREMARK INC

The file Handstone.exe has been detected as malware by 29 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Chromogram2  (signed by FUTUREMARK INC)

Product:
Grundy

Description:
Womanism

Version:
1.00

MD5:
9408e4e82fe935a95fe6cd2519e75827

SHA-1:
83ace467c352ae314ee733c4b69a2c52b19b05a7

SHA-256:
b00adc3d2f38d8ba71923036cad4116dbedc559776ef4b5819e968da0fc71a4f

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/25/2024 10:00:05 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Symmi.54491 | 373 |
| Agnitum Outpost | Trojan.VBKryjetor | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.MDA | 2015.08.24 |
| Avira AntiVirus | TR/Injector.305904 | 8.3.1.6 |
| Arcabit | Trojan.Symmi.DD4DB | 1.0.0.425 |
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-160127 |
| AVG | Crypt_vb | 2017.0.2851 |
| Baidu Antivirus | Trojan.Win32.VBKryjetor | 4.0.3.16127 |
| Bitdefender | Gen:Variant.Symmi.54491 | 1.0.20.135 |
| Bkav FE | W32.KangisturLTAAF.Trojan | 1.3.0.7133 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.54491 | 8.16.01.27.06 |
| ESET NOD32 | Win32/Injector.CFQT (variant) | 10.12140 |
| Fortinet FortiGate | W32/Injector.CFSL!tr | 1/27/2016 |
| F-Secure | Gen:Variant.Symmi.54491 | 11.2016-27-01_4 |
| G Data | Gen:Variant.Symmi.54491 | 16.1.25 |
| IKARUS anti.virus | Trojan.VB.Inject | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.2016978 |
| Kaspersky | Trojan.Win32.VBKryjetor | 14.0.0.751 |
| McAfee | RDN/Generic.dx | 5600.6507 |
| Microsoft Security Essentials | Trojan:Win32/Bagsu!rfn | 1.1.12002.0 |
| MicroWorld eScan | Gen:Variant.Symmi.54491 | 17.0.0.81 |
| NANO AntiVirus | Trojan.Win32.VBKryjetor.duugov | 0.30.24.3079 |
| Panda Antivirus | Trj/Genetic.gen | 16.01.27.06 |
| Qihoo 360 Security | Win32/Trojan.109 | 1.0.0.1015 |
| Quick Heal | TrojanPWS.Zbot.AC3 | 1.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R08NC0DGV15 | 10.465.27 |
| Vba32 AntiVirus | Trojan.VBKryjetor | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43156 |

File size:
298.7 KB (305,904 bytes)

Product version:
1.00

Original file name:
Handstone.exe

Language:
Chinese

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\d25d.tmp

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
5/6/2013 9:00:00 PM

Valid to:
5/10/2016 9:00:00 AM

Subject:
CN=FUTUREMARK INC, O=FUTUREMARK INC, L=Saratoga, S=California, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08FB241B5EDB825B27D2709EAEF886F9

File PE Metadata
Compilation timestamp:
7/26/2015 9:01:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:KrMm/Xgkq0Q6lYXa90BjpSsVwrpvX4o1JtFxyv/:KrMmokbYXaiFgsQP/Uv/

Entry address:
0x1194

Entry point:
68, 20, 86, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 95, F3, 69, B4, EA, A5, B3, 4A, B2, AE, 8A, 3A, 66, 83, C4, BC, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 47, 6F, 67, 67, 6C, 65, 72, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, EF, 4B, 79, 79, 23, A0, DB, 40, AC, C8, 79, 9D, 7E, 94, E4, A9, 3D, 53, 87, 6C, A7, B9, F8, 4F, 84, D2, 6B, B0, 09, C5, 24, 00, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
256 KB (262,144 bytes)
