instant_video_stream_play.exe

MapEditor

The executable instant_video_stream_play.exe has been detected as malware by 29 anti-virus scanners. This is a setup program which is used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from catalog.chaosium.com and multiple other hosts.
Product:
MapEditor

Description:
MapEditor

Version:
1, 0, 0, 1

MD5:
2795a5e911636bde822253df1203730e

SHA-1:
28c83df76adc92f8fd0dccb79c6c9e8d47a2cd5c

SHA-256:
38f001f7c8ee3451f72dfd81f9b16d43f1493fc27ad1b5f2b990ae0a613b4c1c

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/19/2024 11:15:25 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1644250 | 922 |
| Agnitum Outpost | Trojan.Inject | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Ransomlock | 2014.07.12 |
| Avira AntiVirus | TR/TorSolar.A.48 | 7.11.160.46 |
| Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.14727 |
| Bitdefender | Trojan.GenericKD.1644250 | 1.0.20.1040 |
| Comodo Security | UnclassifiedMalware | 18843 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1644250 | 8.14.07.27.09 |
| ESET NOD32 | Win32/Injector.BCCF (variant) | 8.10081 |
| Fortinet FortiGate | W32/Kryptik.WIF!tr | 7/27/2014 |
| F-Secure | Trojan.GenericKD.1644250 | 11.2014-27-07_1 |
| G Data | Trojan.GenericKD.1644250 | 14.7.24 |
| IKARUS anti.virus | Virus.Win32.CeeInject | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12683 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3496 |
| Malwarebytes | Spyware.Zbot.ED | v2014.07.27.09 |
| McAfee | PWSZbot-FXE!2795A5E91163 | 5600.7056 |
| Microsoft Security Essentials | VirTool:Win32/Injector.gen!EU | 1.10701 |
| MicroWorld eScan | Trojan.GenericKD.1644250 | 15.0.0.624 |
| NANO AntiVirus | Trojan.Win32.Weelsof.cwntrq | 0.28.0.60698 |
| Norman | Troj_Generic.TOESQ | 11.20140727 |
| nProtect | Trojan.GenericKD.1644250 | 14.07.11.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.27.09 |
| Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015 |
| Quick Heal | PACKER_UPX.Agent.r5 | 7.14.14.00 |
| Rising Antivirus | PE:Trojan.Injector!1.9F7C | 23.00.65.14725 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Symmi | 10457 |
| Vba32 AntiVirus | Trojan.Inject | 3.12.26.3 |
| ViRobot | Dropper.Agent.512512.A | 2011.4.7.4223 |

File size:
188 KB (192,512 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2014

Original file name:
MapEditor.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, Singapore)

Common path:
C:\users\{user}\downloads\instant_video_stream_play.exe

File PE Metadata
Compilation timestamp:
4/12/2014 7:24:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:OVNZqtmnpRryFfYjzY+B5OYAUekwjo6K7+OJMDdDRgerPQwGDB4LZ:6FGFf+YJHXjYiOJM1RgiId14N

Entry address:
0x1CB9

Entry point:
55, 8B, EC, 6A, FF, 68, 78, 4B, 40, 00, 68, EA, 2F, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 42, 40, 00, 59, 83, 0D, F4, 62, 40, 00, FF, 83, 0D, F8, 62, 40, 00, FF, FF, 15, 84, 42, 40, 00, 8B, 0D, E8, 62, 40, 00, 89, 08, FF, 15, 80, 42, 40, 00, 8B, 0D, E4, 62, 40, 00, 89, 08, A1, BC, 42, 40, 00, 8B, 00, A3, F0, 62, 40, 00, E8, E8, F2, FF, FF, 39, 1D, 00, 61, 40, 00, 75, 0C, 68, E6, 2F, 40, 00, FF, 15, 94, 42...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
12 KB (12,288 bytes)

The file instant_video_stream_play.exe has been seen being distributed by the following 4 URLs.
