iu4nxqy.exe

Операционная система Microsoft Windows

eGajvlMEfBJqlkilLGGAaCjFaCCjIFGtzEiKjEtEsdKeiMDDsoAniDa djysiovEFqmKmyEvqGkMvbipdcozeMiuAiltGvGvaheq

The executable iu4nxqy.exe has been detected as malware by 36 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Корпорация Майкрософт  (signed by eGajvlMEfBJqlkilLGGAaCjFaCCjIFGtzEiKjEtEsdKeiMDDsoAniDa djysiovEFqmKmyEvqGkMvbipdcozeMiuAiltGvGvaheq)

Product:
Операционная система Microsoft® Windows®

Description:
Звукозапись

Version:
5.1.2600.5512 (xpsp.080413-0845)

MD5:
de676198f8d7025e915b08042a977291

SHA-1:
0ab0f37700b9d737653016029000020ae9b187c8

SHA-256:
b70647d6c8a7985e4eda4c46ba889f76d591119623b1136f38e4c38dec89ee8d

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/19/2024 4:06:56 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Spyware/Win32.Zbot | 2013.08.18 |
| Avira AntiVirus | TR/PSW.Zbot.mey | 7.11.97.32 |
| avast! | Win32:Zbot-QIY [Trj] | 2014.9-140216 |
| AVG | PSW.Generic10 | 2015.0.3561 |
| Bitdefender | Trojan.Generic.KDZ.4323 | 1.0.20.235 |
| Clam AntiVirus | WIN.Spy.Zbot-2928 | 0.98/18155 |
| Comodo Security | TrojWare.Win32.PSW.Zbot.FPC | 16783 |
| Dr.Web | Trojan.PWS.Panda.3414 | 9.0.1.047 |
| Emsisoft Anti-Malware | Trojan.Generic.KDZ.4323 | 8.14.02.16.02 |
| ESET NOD32 | Win32/Spy.Zbot.AAU | 8.8699 |
| Fortinet FortiGate | W32/Zbot.AAU!tr | 2/16/2014 |
| F-Prot | W32/Falab.R.gen | v6.4.7.1.166 |
| F-Secure | Trojan:W32/Kamala.A | 11.2014-16-02_1 |
| G Data | Trojan.Generic.KDZ.4323 | 14.2.22 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.2.0.127 |
| K7 AntiVirus | Trojan | 13.170.9312 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.4302 |
| Malwarebytes | Trojan.Zbot | v2014.02.16.02 |
| McAfee | PWS-Zbot.gen.xd | 5600.7217 |
| Microsoft Security Essentials | PWS:Win32/Zbot.gen!AL | 1.163.1557.0 |
| MicroWorld eScan | Trojan.Generic.KDZ.4323 | 15.0.0.141 |
| NANO AntiVirus | Trojan.Win32.Panda.bewuun | 0.26.0.53954 |
| Norman | ZBot.DXPK | 11.20140216 |
| nProtect | Trojan/W32.Agent.353528.C | 13.08.16.03 |
| Panda Antivirus | Trj/Zbot.M | 14.02.16.02 |
| Quick Heal | TrojanPWS.Zbot.Gen | 2.14.12.00 |
| Rising Antivirus | Trojan.Agent!4F45 | 23.00.65.14214 |
| Sophos | Troj/Zbot-DOD | 4.91 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Spy | 10780 |
| Total Defense | Win32/Zbot.AN!generic | 37.0.10498 |
| Trend Micro House Call | TROJ_SIGEKAF.SM | 7.2.47 |
| Trend Micro | TROJ_FAKEAV.BMC | 10.465.16 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.SB.01798 | 3.12.22.3 |
| VIPRE Antivirus | Trojan.Win32.Agent.akm | 20608 |
| XVirus List | Win.Detected | 2.3.31 |

File size:
345.2 KB (353,528 bytes)

Product version:
5.1.2600.5512

Copyright:
© Корпорация Майкрософт. Все права защищены.

Original file name:
sndrec32.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\virus\iu4nxqy.exe

Digital Signature
Authority:
eGajvlMEfBJqlkilLGGAaCjFaCCjIFGtzEiKjEtEsdKeiMDDsoAniDa djysiovEFqmKmyEvqGkMvbipdcozeMiuAiltGvGvaheq

Valid from:
1/11/2013 7:38:56 AM

Valid to:
1/1/2040 12:59:59 AM

Subject:
CN=eGajvlMEfBJqlkilLGGAaCjFaCCjIFGtzEiKjEtEsdKeiMDDsoAniDa djysiovEFqmKmyEvqGkMvbipdcozeMiuAiltGvGvaheqzdrEyrAyJEafszzeKKIwDIztytEyLACEDCxkFjDaprwLjDyxnyqeacfgMBdJGFHowGjfkhEqdsCrhGLDrCxayiFnDcLhyCjrsBxGGDjxgKtKBJiGjkHmnrIHdLKoaCwGtmgkynoImGsEDMaJznHzLhnykAknjAcIEFitfeHazcuaFjvatnKaqMlIvGenFctknozlabKKjJgLrrAsfbgcIdgmamFyhtfyelKvHCksFgCntFlHLJyKGmgBAEpoabvkJFIJidCAxdfhlIxEjmxsJBniqBkebECtGHFMqsCIhAzicpkJnMBxfyhiaKhbxeuuDuzcAzpAFrAoikDLtMvCHuulbHKHGpoDrsHlqnixbFBCcGIfeDfxgqnfHxnypbnKFmmzbfLfyGKFA

Issuer:
CN=eGajvlMEfBJqlkilLGGAaCjFaCCjIFGtzEiKjEtEsdKeiMDDsoAniDa djysiovEFqmKmyEvqGkMvbipdcozeMiuAiltGvGvaheqzdrEyrAyJEafszzeKKIwDIztytEyLACEDCxkFjDaprwLjDyxnyqeacfgMBdJGFHowGjfkhEqdsCrhGLDrCxayiFnDcLhyCjrsBxGGDjxgKtKBJiGjkHmnrIHdLKoaCwGtmgkynoImGsEDMaJznHzLhnykAknjAcIEFitfeHazcuaFjvatnKaqMlIvGenFctknozlabKKjJgLrrAsfbgcIdgmamFyhtfyelKvHCksFgCntFlHLJyKGmgBAEpoabvkJFIJidCAxdfhlIxEjmxsJBniqBkebECtGHFMqsCIhAzicpkJnMBxfyhiaKhbxeuuDuzcAzpAFrAoikDLtMvCHuulbHKHGpoDrsHlqnixbFBCcGIfeDfxgqnfHxnypbnKFmmzbfLfyGKFA

Serial number:
83E725068E91499349B8B31C29B184F0

File PE Metadata
Compilation timestamp:
1/13/2013 6:06:33 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:xOXev74zue74KwdTFeqr6SLFdVB43K7H9DSbqLXFF3b2nznBnOnvA:tte8lFpzZdMeAKdSzBOvA

Entry address:
0x1760

Entry point:
55, 8B, EC, 68, 00, 7F, 00, 00, 6A, 00, FF, 15, AC, 80, 40, 00, 8B, D5, 89, 15, 80, BC, 44, 00, E8, D3, FA, FF, FF, 5D, C3, CC, 55, 8B, EC, E8, 98, F9, FF, FF, A1, 88, BC, 44, 00, 50, E8, CD, F9, FF, FF, 83, C4, 04, A3, 94, BC, 44, 00, 5D, C3, CC, CC, CC, 55, 8B, EC, 81, EC, 3C, 02, 00, 00, C7, 45, E4, 7C, 30, 00, 00, C7, 85, C4, FD, FF, FF, 00, 30, 00, 00, C7, 45, E8, 40, 00, 00, 00, C7, 85, D4, FD, FF, FF, 00, 00, 00, 00, C7, 85, CC, FD, FF, FF, 00, 00, 00, 00, A1, 0C, 80, 40, 00, 89, 85, D0, FD, FF, FF...

Code size:
17.5 KB (17,920 bytes)
