idtizyy.exe

Musrukafa Visatl Studio 2010

Musrukafa Corporatien

The executable idtizyy.exe, “Musrukafa Visatl Studie 2010”, has been detected as malware by 29 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. While running, it connects to the Internet address 61.27.38.216.hosted.by.thegcloud.com on port 80 using the HTTP protocol.
Publisher:
Musrukafa Corporatien

Product:
Musrukafa® Visatl Studio® 2010

Description:
Musrukafa Visatl Studie 2010

Version:
1.7.42074.51266 built by: SP1Rel

MD5:
8febfc3fd26679834483b7553ac22e91

SHA-1:
508fdce6c9283d728edabb840f7acf0a09ad62c0

SHA-256:
dd6a2910b28d7a74a900ad43212c591fba795c7a048932136302637d5207dbed

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/24/2024 4:26:06 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11898611 | 851 |
| AhnLab V3 Security | Trojan/Win32.Kovter | 2014.10.07 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.30.172 |
| avast! | Win32:Dropper-gen [Drp] | 141003-0 |
| AVG | Win32/Cryptor | 2014.0.4037 |
| Baidu Antivirus | Trojan.Win32.Zbot | 4.0.3.14108 |
| Bitdefender | Trojan.Generic.11898611 | 1.0.20.1400 |
| Bkav FE | HW32.Paked | 1.3.0.4959 |
| Emsisoft Anti-Malware | Trojan.Generic.11898611 | 8.14.10.07.05 |
| ESET NOD32 | Win32/Spy.Zbot.ABA | 8.10523 |
| Fortinet FortiGate | W32/Kryptik.CJJK!tr | 10/7/2014 |
| F-Secure | Trojan.Generic.11898611 | 11.2014-07-10_3 |
| G Data | Trojan.Generic.11898611 | 14.10.24 |
| IKARUS anti.virus | Trojan.Dropper | t3scan.1.7.8.0 |
| K7 AntiVirus | Spyware | 13.183.13597 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 15.0.0.494 |
| Malwarebytes | Spyware.Zbot.MSXGen | v2014.10.07.05 |
| McAfee | RDN/Generic PWS.y!bb3 | 5600.6984 |
| Microsoft Security Essentials | PWS:Win32/Zbot | 1.11005 |
| MicroWorld eScan | Trojan.Generic.11898611 | 15.0.0.840 |
| nProtect | Trojan.Generic.11898611 | 14.10.06.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.10.07.05 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.10.8.0 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.141005 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R08NC0EJ614 | 7.2.281 |
| Trend Micro | TROJ_GEN.R08NC0EJ614 | 10.465.08 |
| VIPRE Antivirus | Threat.4150696 | 33706 |

File size:
275.6 KB (282,226 bytes)

Product version:
1.7.42074.51266

Copyright:
© Musrukafa Corporatien. All rights reserved.

Original file name:
dimink.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\nadiymbe\idtizyy.exe

File PE Metadata
Compilation timestamp:
2/22/2011 8:51:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:o0lTCPMtbXDdbSIzLUqPLnyIOcx7ooUcdPUHOaKc8W:o0lePGTDdb9PPmF27ooUcdPF3G

Entry address:
0x6CC8

Entry point:
55, 8B, EC, 81, EC, EC, 01, 00, 00, B8, A3, F0, 00, 00, EB, 11, 8B, 0D, 70, 50, 44, 00, 03, C9, 89, 45, F8, 89, 8D, 70, FE, FF, FF, 53, 83, E9, 8B, EB, 05, 8B, C7, 89, 45, C0, 56, BA, 97, 1F, 00, 00, 23, D0, 89, 95, DC, FE, FF, FF, 57, 81, F2, 00, 48, 80, C3, 89, 95, DC, FE, FF, FF, 03, D2, 8B, 05, 78, 50, 44, 00, 89, 45, F4, 89, 55, F4, 68, A0, 50, 44, 00, FF, 15, 40, 46, 44, 00, EB, 08, 8B, C3, 89, 85, 48, FE, FF, FF, 89, 85, 24, FE, FF, FF, 8B, 95, DC, FE, FF, FF, 83, F2, B0, 83, FA, 2E, 74, 06, 89, 95...

Entropy:
7.8641

Developed / compiled with:
Microsoft Visual C++

Code size:
41 KB (41,984 bytes)

Scheduled Task
Task name:
Security Center Update - 2510632482

Trigger:
Daily (Runs daily at 5:00 AM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL): vip1.g.cachefly.net (205.234.175.175:443)
TCP (HTTP): utsapi-adcom-mtc.evip.aol.com (64.12.68.22:80)
TCP (HTTP): storage.trusearch.com (50.97.70.59:80)
TCP (HTTP): server-54-230-39-54.jfk1.r.cloudfront.net (54.230.39.54:80)
TCP (HTTP): server-54-230-38-31.jfk1.r.cloudfront.net (54.230.38.31:80)
TCP (HTTP): server-54-230-37-111.jfk1.r.cloudfront.net (54.230.37.111:80)
TCP (HTTP): ny1-g014.intellitxt.com (199.16.172.22:80)
TCP (HTTP): li374-140.members.linode.com (96.126.125.140:80)
TCP (HTTP SSL): lga15s46-in-f27.1e100.net (173.194.123.27:443)
TCP (HTTP): lga15s46-in-f25.1e100.net (173.194.123.25:80)
TCP (HTTP): lga15s45-in-f28.1e100.net (74.125.226.188:80)
TCP (HTTP SSL): lga15s43-in-f28.1e100.net (74.125.226.60:443)
TCP (HTTP): g1.v.fwmrm.net (75.98.70.31:80)
TCP (HTTP): float.625.bm-impbus.prod.nym2.adnexus.net (68.67.152.160:80)
TCP (HTTP): float.618.bm-impbus.prod.nym2.adnexus.net (68.67.152.154:80)
TCP (HTTP): float.2198.bm-impbus.prod.nym2.adnexus.net (68.67.153.204:80)
TCP (HTTP): float.2075.bm-impbus.prod.nym2.adnexus.net (68.67.153.193:80)
TCP (HTTP): float.1382.bm-impbus.prod.nym2.adnexus.net (68.67.152.78:80)
TCP (HTTP): fivemin-cs-shared-mtc-c.evip.aol.com (64.12.245.3:80)
TCP (HTTP): fivemin-cs-shared-dtc-c.evip.aol.com (205.188.41.3:80)

Powered by Reason Core Security