izyro.exe

SoftPerfect RAM Disk (32-bit)

SoftPerfect Research

The executable izyro.exe has been detected as malware by 28 anti-virus scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key under the display name ‘Viwosek’. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
SoftPerfect Research

Product:
SoftPerfect RAM Disk (32-bit)

Version:
1.0.0.4

MD5:
d5258d307ee4d5cea23c6a9fae2d193e

SHA-1:
5057edaff1782f81f4d62bc22b2c2ba12b86c0e6

SHA-256:
6217243e920a1a7e36c01c21c455eef83d873e3076e563fed11776606ff6c138

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/26/2024 11:14:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Agent.BEPP | 889 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Agent | 2014.08.30 |
| Avira AntiVirus | TR/Spy.ZBot.sifgdkc | 7.11.169.248 |
| avast! | Win32:Kryptik-OCW [Trj] | 140813-1 |
| AVG | Trojan horse Crypt3.AJVL | 2014.0.4015 |
| Bitdefender | Trojan.Agent.BEPP | 1.0.20.1205 |
| Emsisoft Anti-Malware | Trojan.Agent.BEPP | 9.0.0.4324 |
| ESET NOD32 | Win32/Kryptik.CIUO trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/CPacker.G!tr | 8/29/2014 |
| F-Prot | W32/A-91889385 | v6.4.7.1.166 |
| F-Secure | Trojan.Agent.BEPP | 11.2014-29-08_6 |
| G Data | Trojan.Agent.BEPP | 14.8.24 |
| IKARUS anti.virus | Trojan.Win32.Yakes | t3scan.1.7.5.0 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 15.0.0.494 |
| Malwarebytes | Spyware.Zbot.VXGen | v2014.08.29.05 |
| McAfee | PWSZbot-FBPN!D5258D307EE4 | 5600.7023 |
| Microsoft Security Essentials | Threat.Undefined | 1.183.900.0 |
| MicroWorld eScan | Trojan.Agent.BEPP | 15.0.0.723 |
| NANO AntiVirus | Trojan.Win32.Zbot.ddtsbl | 0.28.2.61861 |
| nProtect | Trojan.Agent.BEPP | 14.08.29.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.08.29.05 |
| Sophos | Troj/Agent-AIJT | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/PWS-Zbot | 10392 |
| Total Defense | Win32/Zbot.EFEdCWC | 37.0.11150 |
| Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.26.3 |
| VIPRE Antivirus | Threat.4657539 | 32210 |
| Zillya! Antivirus | Trojan.Zbot.Win32.163696 | 2.0.0.1906 |

File size:
366.5 KB (375,296 bytes)

Product version:
1.0.0.4

Copyright:
2009-2013 SoftPerfect Research

Original file name:
RAM Disk

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\dadiqay\izyro.exe

File PE Metadata
Compilation timestamp:
8/13/2014 8:01:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:E3FPxaYWgWvFv5MEtmgsIQYWTReG3RrcBSoRYqBgDEhB1YpYg+oL1l0A:E1xaYWRFHmeSO6Cgo1uYg+O1lr

Entry address:
0x401D

Entry point:
E8, D2, 39, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, FC, 23, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, F0, 21, 41, 00, C9, C2, 08, 00, A1, 60, B0, 45, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, 60, B0, 45, 00, 6A, 04, 50, E8, 3A, 3A, 00, 00, 59, 59, A3...
 

Entropy:
7.7002  (probably packed)

Code size:
66.5 KB (68,096 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Viwosek

Command:
C:\users\{user}\appdata\roaming\dadiqay\izyro.exe

