image-album-01-2014.jpeg.exe

The application image-album-01-2014.jpeg.exe has been detected as a potentially unwanted program by 36 anti-malware scanners. This is a setup program which is used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from www.ildispari.it.
MD5:
854ce5c972ec0413da61ceb3a2ef03db

SHA-1:
99365ea397f6c41fa19ded453f441e8221511996

Scanner detections:
36 / 68

Status:
Potentially unwanted

Analysis date:
5/18/2024 9:00:40 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Trojan.Zboter.3 | 185 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Dropper/Win32.Necurs | 2015.04.07 |
| Avira AntiVirus | TR/Dropper.Gen | 3.6.1.96 |
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-160802 |
| AVG | SHeur4 | 2017.0.2663 |
| Baidu Antivirus | Adware.Win32.iBryte | 4.0.3.1682 |
| Bitdefender | Gen:Trojan.Zboter.3 | 1.0.20.1075 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Comodo Security | UnclassifiedMalware | 21675 |
| Dr.Web | Trojan.DownLoader4.56756 | 9.0.1.0215 |
| Emsisoft Anti-Malware | Gen:Trojan.Zboter | 8.16.08.02.05 |
| ESET NOD32 | Win32/Kryptik.CKAV (variant) | 10.11434 |
| Fortinet FortiGate | W32/Zbot.TYML!tr | 8/2/2016 |
| F-Secure | Gen:Trojan.Zboter.3 | 11.2016-02-08_3 |
| G Data | Gen:Trojan.Zboter | 16.8.25 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Carberp | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.202.15502 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-189 |
| Malwarebytes | Trojan.Agent.FBD | v2016.08.02.05 |
| McAfee | Generic-FAUZ!854CE5C972EC | 5600.6319 |
| Microsoft Security Essentials | VirTool:Win32/CeeInject.gen!KK | 1.1.11502.0 |
| MicroWorld eScan | Gen:Trojan.Zboter.3 | 17.0.0.645 |
| NANO AntiVirus | Trojan.Win32.Zbot.delyiz | 0.30.10.952 |
| Norman | ZBot.VMZV | 11.20160802 |
| Panda Antivirus | Trj/Chgt.E | 16.08.02.05 |
| Qihoo 360 Security | Win32/Trojan.5a8 | 1.0.0.1015 |
| Quick Heal | Trojan.CeeInject.WR | 8.16.14.00 |
| Sophos | Troj/HkMain-CT | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-RootKit | 8984 |
| Total Defense | Win32/Tnega.BQLacVB | 37.0.11535 |
| Trend Micro House Call | TROJ_SPNR.06I014 | 7.2.215 |
| Trend Micro | TROJ_SPNR.06I014 | 10.465.02 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.Hlux | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39124 |
| Zillya! Antivirus | Trojan.ZBot.Win32.149 | 2.0.0.2128 |

File size:
176 KB (180,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\majkel\moje dokumenty\downloads\image-album-01-2014.jpeg.exe

File PE Metadata
Compilation timestamp:
7/25/2014 7:55:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:gR3VoKar0wUUhuEi3+ZP/x384ufkh/rGKxuX9fL16T:gR3VoKar0wnhuEq+Z/a4pyK0NfL16

Entry address:
0x42CA

Entry point:
55, 8B, EC, 6A, 90, 68, 90, 5A, 40, 06, 68, 44, 46, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, 90, 33, DB, 89, 5D, 90, 6A, 02, 5F, 00, FF, 15, 64, B9, 40, 25, 59, 83, 0D, F8, A7, 40, 00, FF, 83, 0D, FC, A7, 40, 00, FF, FF, 15, A0, B9, 40, 00, 8B, 0D, EC, A7, 40, 00, 89, 08, FF, 15, 7C, B9, 40, 00, 8B, 0D, E8, A7, 40, 00, 89, 08, A1, 80, B9, 40, 00, 8B, 00, A3, F4, A7, 40, 00, E8, 08, 03, 00, 00, 39, 1D, 00, A6, 40, 00, 75, 0C, 68, 40, 46, 40, 00, FF, 15...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
2.3 MB (2,441,216 bytes)

The file image-album-01-2014.jpeg.exe has been seen being distributed by the following URL.
