miley_cyrus_kissing_girl_video_avi.exe

The executable miley_cyrus_kissing_girl_video_avi.exe has been detected as malware by 32 anti-virus scanners. This is a setup program which is used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from catalog.chaosium.com.
MD5:
7cbf5912021cfce0b2bd0fdb07071419

SHA-1:
47cf2aceeec296c29a5c3bf8818c8f9077e70059

SHA-256:
2e03ec6c20987256e66d9678369199749c05242bc22db2a966f8aeb6493dbc95

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/26/2024 12:56:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1595436 | 358 |
| AhnLab V3 Security | Backdoor/Win32.Necurs | 16.02.12 |
| Avira AntiVirus | TR/Dropper.A.20510 | 7.11.148.126 |
| avast! | Win32:Crypt-QRI [Trj] | 2014.9-160212 |
| AVG | BackDoor.Generic18 | 2017.0.2836 |
| Baidu Antivirus | Backdoor.Win32.Napolar | 4.0.3.16212 |
| Bitdefender | Trojan.GenericKD.1595436 | 1.0.20.215 |
| Comodo Security | TrojWare.Win32.Injector.AYTP | 18240 |
| Dr.Web | Trojan.Siggen6.14206 | 9.0.1.043 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1595436 | 8.16.02.12.02 |
| ESET NOD32 | Win32/Injector.AZBV (variant) | 10.9775 |
| Fortinet FortiGate | W32/Zbot.AZVY!tr | 2/12/2016 |
| F-Secure | Trojan.GenericKD.1595436 | 11.2016-12-02_6 |
| G Data | Trojan.GenericKD.1595436 | 16.2.24 |
| IKARUS anti.virus | Trojan.Win32.Dircrypt | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.177.12026 |
| Kaspersky | Backdoor.Win32.Napolar | 14.0.0.674 |
| Malwarebytes | Trojan.Inject.ED | v2016.02.12.02 |
| McAfee | RDN/Spybot.bfr!l | 5600.6492 |
| Microsoft Security Essentials | Trojan:Win32/Napolar.A | 1.10502 |
| MicroWorld eScan | Trojan.GenericKD.1595436 | 17.0.0.129 |
| NANO AntiVirus | Trojan.Win32.Weelsof.cwywya | 0.28.0.59608 |
| Norman | Troj_Generic.SXFNV | 11.20160212 |
| nProtect | Trojan.GenericKD.1595436 | 14.05.08.01 |
| Panda Antivirus | Generic Malware | 16.02.12.02 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Napolar.r4 | 2.16.14.00 |
| Sophos | Mal/Ransom-CE | 4.98 |
| Trend Micro House Call | TROJ_SPNR.06DP14 | 7.2.43 |
| Trend Micro | TROJ_SPNR.06DP14 | 10.465.12 |
| Vba32 AntiVirus | Backdoor.Napolar.po | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Zbot.ywb | 29012 |

File size:
156 KB (159,744 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\miley_cyrus_kissing_girl_video_avi.exe

File PE Metadata
Compilation timestamp:
2/25/2014 2:40:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
1.0

CTPH (ssdeep):
3072:AJ4K7v8xMRq3xF/TRjmHTLmRsHL8pRIeR8ZTHLBbqR:Y17v8xZhjGvUnIK8ZTHNqR

Entry address:
0x1041

Entry point:
E9, ED, 1A, 00, 00, E8, 35, 17, 00, 00, 81, EC, C4, 00, 00, 00, 8D, 8D, 30, FF, FF, FF, E8, B0, FF, FF, FF, 83, 65, FC, 00, 8D, 8D, 30, FF, FF, FF, E8, 1B, 00, 00, 00, 83, 4D, FC, FF, 8D, 8D, 30, FF, FF, FF, E8, 0E, 15, 00, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, C9, C3, B8, F7, 27, 40, 00, E8, F0, 16, 00, 00, 81, EC, 48, 01, 00, 00, 56, 8B, F1, 6A, 00, E8, FA, 14, 00, 00, 59, 8B, CE, E8, EC, 14, 00, 00, 6A, 00, 8D, 8D, AC, FE, FF, FF, E8, B5, 06, 00, 00, 83, 65, FC, 00, 8D, 85, AC, FE, FF, FF, 8D, 8D...
 

Packer / compiler:
Xtreme-Protector v1.05

Code size:
8 KB (8,192 bytes)

The file miley_cyrus_kissing_girl_video_avi.exe has been seen being distributed by the following URL.
