lmzsclv.exe

Passage

Additional tax - www.Passage.com

The executable lmzsclv.exe, “Pictured struggle vote Betsy dirt graph motor”, has been detected as malware by 30 anti-virus scanners. This worm can steal user names and passwords by monitoring network communication, block websites, and launch a denial of service (DoS) attack.
Publisher:
Additional tax - www.Passage.com

Product:
Passage

Description:
Pictured struggle vote Betsy dirt graph motor

Version:
4.0.0.8

MD5:
cf72933a93360dac00d06f6a69e750d5

SHA-1:
7c75c3479d6bc174ed771db6fd1765a7fe95400a

SHA-256:
db74456ab80b14759d60ae6edf543764efc3c3e33dfaf439283c3f5af002ef13

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/26/2024 10:46:50 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1641607 | 1023 |
| AhnLab V3 Security | Trojan/Win32.Ransomlock | 14.04.18 |
| Avira AntiVirus | TR/Dropper.A.15603 | 7.11.144.12 |
| avast! | Win32:Malware-gen | 2014.9-140418 |
| AVG | Crypt3 | 2015.0.3501 |
| Baidu Antivirus | Trojan.Win32.Kryptik | 4.0.3.14418 |
| Bitdefender | Trojan.GenericKD.1641607 | 1.0.20.540 |
| Bkav FE | W32.EspetradosLTK.Trojan | 1.3.0.4959 |
| Dr.Web | BackDoor.IRC.NgrBot.449 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1641607 | 8.14.04.18.03 |
| ESET NOD32 | Win32/Kryptik.BZTK (variant) | 8.9690 |
| Fortinet FortiGate | W32/Ngrbot.ADIM!worm | 4/18/2014 |
| F-Secure | Trojan.GenericKD.1641607 | 11.2014-18-04_6 |
| G Data | Trojan.GenericKD.1641607 | 14.4.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.176.11784 |
| Kaspersky | Worm.Win32.Ngrbot | 14.0.0.3999 |
| Malwarebytes | Trojan.Agent.ED | v2014.04.18.03 |
| McAfee | Artemis!CF72933A9336 | 5600.7157 |
| Microsoft Security Essentials | Worm:Win32/Dorkbot.I | 1.10501 |
| MicroWorld eScan | Trojan.GenericKD.1641607 | 15.0.0.324 |
| Norman | DLoader.ATMCK | 11.20140418 |
| nProtect | Trojan.GenericKD.1641607 | 14.04.17.03 |
| Panda Antivirus | Generic Malware | 14.04.18.03 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Sophos | Mal/Inject-EQ | 4.98 |
| Trend Micro House Call | WORM_DORKBOT.XYW | 7.2.108 |
| Trend Micro | WORM_DORKBOT.XYW | 10.465.18 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28320 |
| ViRobot | Trojan.Win32.S.Agent.221184.AI | 2011.4.7.4223 |

File size:
216 KB (221,184 bytes)

Product version:
1.0

Copyright:
Copyright (C) Passage 2005-2013

File type:
Executable application (Win32 EXE)

Language:
Arabic (Saudi Arabia)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\lmzsclv.exe

File PE Metadata
Compilation timestamp:
4/14/2014 11:02:21 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:xa7XnPiuf8GfzzAEILGEvS40kKmgWfIR8H3MJCCA1dyfx94QjUat86yN+clxRn:oX9kG7zD8S4VVfWqmA1UfbTUF6yN+c9

Entry address:
0xDD81

Entry point:
E8, 17, 34, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 18, 31, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, A8, BC, 41, 00, 74, 12, 8B, 0D, 60, BA, 41, 00, 85, 48, 70, 75, 07, E8, 46, 3E, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 68, B9, 41, 00, 74, 16, 8B, 46, 08, 8B, 0D, 60, BA, 41, 00, 85, 48, 70, 75, 08, E8, A5, 36, 00, 00, 89, 46, 04, 8B, 46, 08, F6, 40, 70, 02, 75, 14, 83, 48, 70, 02, C6, 46, 0C, 01, EB, 0A...
 
Entropy:
6.5484

Code size:
91 KB (93,184 bytes)
