keymaker.exe

The executable keymaker.exe has been detected as malware by 11 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5: e524e65c8ef9aa605f7b169e741145a1
SHA-1: 64190d3e9bc01bdd16293ce9a4a7e32b84387f52
SHA-256: 46e1a375089d409645d61bce920025d0f07593764ca41a5c2e51a4022f580ceb
Scanner detections: 11 / 68
Status: Malware
Analysis date: 12/5/2016 1:22:58 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Antiy Labs AVL | Trojan/Win32.TSGeneric | 1.0.0.1 |
| Bkav FE | W32.Clod5f7.Trojan | 1.3.0.4959 |
| K7 AntiVirus | Riskware | 13.1712333 |
| K7 Gateway Antivirus | Riskware | 13.1712333 |
| McAfee | RDN/Generic.grp!gr | 5600.7104 |
| McAfee Web Gateway | RDN/Generic.grp!gr | 7.7104 |
| Norman | Suspicious_Gen4.ERNBG | 11.20140610 |
| Panda Antivirus | Trj/Genetic.gen | 14.06.10.08 |
| Quick Heal | Win32.PWS.Zbot.4 | 6.14.14.00 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Zbot | 10552 |
| ViRobot | JS.A.Iframe.49664.J | 2011.4.7.4223 |

File size: 48.5 KB (49,664 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\Program Files\bandicam\keymaker.exe

File PE Metadata
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 768:EfOZrVAKkZgLa1cknsEjhwAQMYISSMtWnQ7Us7:EmZmmLa2qRmDMOSo7UE
Entry address: 0x20B3

Entry point:
E8, 0E, 03, 00, 00, 6A, 00, E8, C5, 02, 00, 00, A3, 10, 63, 40, 00, 68, 48, 50, 40, 00, 6A, 00, 6A, 00, E8, 9A, 02, 00, 00, E8, A7, 02, 00, 00, 3D, B7, 00, 00, 00, 74, 16, 6A, 00, 68, F5, 1E, 40, 00, 6A, 00, 6A, 64, FF, 35, 10, 63, 40, 00, E8, DE, 02, 00, 00, 50, E8, 78, 02, 00, 00, CC, CC, 55, 8B, EC, 83, C4, F4, 68, 5C, 52, 40, 00, FF, 75, 0C, 6A, 00, E8, 91, 02, 00, 00, 89, 45, FC, 50, 6A, 00, E8, 8C, 02, 00, 00, 50, E8, 8C, 02, 00, 00, 89, 45, F4, FF, 75, FC, 6A, 00, E8, 8B, 02, 00, 00, 89, 45, F8, 83...
Entropy: 6.3805
Code size: 5.5 KB (5,632 bytes)
