ikvyo.exe

Masnesaft Visual Studio 2010

Masnesaft Corporation

The application ikvyo.exe, “Masnesaft Visual Studie 2010”, has been detected as a potentially unwanted program by 33 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Masnesaft Corporation

Product:
Masnesaft® Visual Studio® 2010

Description:
Masnesaft Visual Studie 2010

Version:
1.9.43074.5121 built by: SP1Rel

MD5:
a08004f7a0d99aae99c5da4b5d807d29

SHA-1:
962e8550ac47798eaf1a2bb6d2b76d2c0092ee0d

SHA-256:
3d61d8805925e292c5424f7cef134f4fabf541944c2fb74b09e2e71280069121

Scanner detections:
33 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 9:18:53 PM UTC

Scan engine                    | Detection                          | Engine version
-------------------------------|------------------------------------|----------------
Lavasoft Ad-Aware              | Gen:Variant.Kazy.409901            | 918
Agnitum Outpost                | Trojan.Kryptik                     | 7.1.1
AhnLab V3 Security             | Trojan/Win32.Katusha               | 2014.08.01
Avira AntiVirus                | TR/Crypt.XPACK.Gen                 | 7.11.30.172
avast!                         | Win32:Zbot-UGS [Trj]               | 140617-1
AVG                            | Trojan horse Crypt3.AEHM           | 2014.0.3986
Bitdefender                    | Gen:Variant.Kazy.409901            | 1.0.20.1060
Bkav FE                        | HW32.CDB                           | 1.3.0.4959
Clam AntiVirus                 | Win.Trojan.Agent-752429            | 0.98/19168
Comodo Security                | TrojWare.Win32.Kryptik.CHIQ        | 19039
Dr.Web                         | Trojan.Siggen6.15132               | 9.0.1.05190
Emsisoft Anti-Malware          | Gen:Variant.Kazy.409901            | 8.14.07.31.03
ESET NOD32                     | Win32/Kryptik.CGTO trojan          | 7.0.302.0
Fortinet FortiGate             | W32/Katusha.CGKA!tr                | 7/31/2014
F-Secure                       | Gen:Variant.Kazy.409901            | 11.2014-31-07_5
G Data                         | Gen:Variant.Kazy.409901            | 14.7.24
IKARUS anti.virus              | Packed.Win32.Katusha               | t3scan.1.6.1.0
K7 AntiVirus                   | Trojan                             | 13.182.12911
Kaspersky                      | Packed.Win32.Katusha               | 15.0.0.494
Malwarebytes                   | Spyware.Zbot.MSXGen                | v2014.07.31.03
McAfee                         | PWSZbot-FBTA!A08004F7A0D9          | 5600.7052
Microsoft Security Essentials  | Threat.Undefined                   | 1.179.1619.0
MicroWorld eScan               | Gen:Variant.Kazy.409901            | 15.0.0.636
NANO AntiVirus                 | Trojan.Win32.Katusha.dchieb        | 0.28.2.61148
Panda Antivirus                | Trj/Genetic.gen                    | 14.07.31.03
Qihoo 360 Security             | Malware.QVM20.Gen                  | 1.0.0.1015
Rising Antivirus               | PE:Malware.XPACK-LNR/Heur!1.5594   | 23.00.65.14729
Sophos                         | Troj/Zbot-HGR                      | 4.98
SUPERAntiSpyware               | Trojan.Agent/Gen-FalComp           | 10450
Total Defense                  | Win32/Zbot.KfLBQP                  | 37.0.11091
Trend Micro House Call         | TSPY_ZBOT.SMRAP                    | 7.2.212
Trend Micro                    | TSPY_ZBOT.SMRAP                    | 10.465.31
VIPRE Antivirus                | Threat.4150696                     | 31208

File size:
355.5 KB (364,065 bytes)

Product version:
1.9.43074.5121

Copyright:
© Masnesaft Corporation. All rights reserved.

Original file name:
devenv.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\xyfousuf\ikvyo.exe

File PE Metadata
Compilation timestamp:
1/29/2011 9:49:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:EwCfc4sNa6+uE/GW7DXXW4s9SKxI6OqJiOTNrE9MUotRvI4:HC0b+uuVPXGTZeqJNrIMUilI4

Entry address:
0xC588

Entry point:
55, 8B, EC, 81, EC, 8C, 01, 00, 00, EB, 4E, EB, 4C, 8B, C7, 89, 5D, A4, EB, 45, 03, D3, 89, 9D, 60, FF, FF, FF, EB, 3B, 03, DB, 8B, CA, EB, 35, B9, 00, 45, 05, A1, 03, CF, 3B, 8D, 7C, FE, FF, FF, 75, 26, 83, C1, FD, 8B, 35, 80, C0, 43, 00, 89, 8D, D8, FE, FF, FF, 89, 9D, D8, FE, FF, FF, 3B, 3D, 34, C0, 43, 00, 75, 09, 33, C1, 8B, FB, EB, 03, 89, 75, B4, 53, 8B, 1D, 68, C0, 43, 00, 89, 9D, AC, FE, FF, FF, 56, 83, F3, E7, 8B, F3, 89, B5, AC, FE, FF, FF, 57, 33, F3, 89, B5, AC, FE, FF, FF, 8B, B5, AC, FE, FF...

Entropy:
7.9393

Developed / compiled with:
Microsoft Visual C++

Code size:
153.5 KB (157,184 bytes)

Scheduled Task
Task name:
Security Center Update - 1401125841

Trigger:
Daily (Runs daily at 2:00 PM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to yyz08s14-in-f27.1e100.net  (74.125.226.155:443)

TCP (HTTP):
Connects to yyz08s10-in-f4.1e100.net  (173.194.43.100:80)

TCP (HTTP SSL):
Connects to yyz08s10-in-f28.1e100.net  (173.194.43.124:443)

TCP (HTTP):
Connects to yyz08s10-in-f26.1e100.net  (173.194.43.122:80)

TCP (HTTP SSL):
Connects to yyz08s09-in-f13.1e100.net  (173.194.43.77:443)

TCP (HTTP):
Connects to tps.sj2.fastclick.net  (64.156.167.98:80)

TCP (HTTP):
Connects to t.mookie1.com  (208.71.122.1:80)

TCP (HTTP):
Connects to oasn04a.247realmedia.com  (208.71.122.194:80)

TCP (HTTP):
Connects to na.gmtdmp.com  (208.71.121.14:80)

TCP (HTTP):
Connects to media.dc6.vcmedia.com  (8.18.45.90:80)

TCP (HTTP):
Connects to jumptap.com  (209.94.144.19:80)

TCP (HTTP):
Connects to edge-star-shv-09-ord1.facebook.com  (31.13.74.128:80)

TCP (HTTP):
Connects to ec2-54-88-61-159.compute-1.amazonaws.com  (54.88.61.159:80)

TCP (HTTP):
Connects to ec2-54-85-150-195.compute-1.amazonaws.com  (54.85.150.195:80)

TCP (HTTP):
Connects to ec2-54-243-43-24.compute-1.amazonaws.com  (54.243.43.24:80)

TCP (HTTP):
Connects to ec2-54-243-178-212.compute-1.amazonaws.com  (54.243.178.212:80)

TCP (HTTP):
Connects to ec2-54-236-158-218.compute-1.amazonaws.com  (54.236.158.218:80)

TCP (HTTP):
Connects to ec2-54-236-130-99.compute-1.amazonaws.com  (54.236.130.99:80)

TCP (HTTP):
Connects to ec2-54-225-169-156.compute-1.amazonaws.com  (54.225.169.156:80)

TCP (HTTP):
Connects to ec2-54-209-172-246.compute-1.amazonaws.com  (54.209.172.246:80)

Remove ikvyo.exe - Powered by Reason Core Security