miley_cyrus_kissing_katty_perry_video_avi.exe

The application miley_cyrus_kissing_katty_perry_video_avi.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. This is a setup program which is used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from catalog.chaosium.com and multiple other hosts.
MD5:
c987ee0759a72252302cc00164be3197

SHA-1:
6fb0fff9db5798c97165d2bc16727217d906e64f

SHA-256:
90effb4b84c6092ccfa24aa376e551aa806ac1c24fccaf841057ef9beae4f982

Scanner detections:
31 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 5:08:15 PM UTC

Scan engine                    Detection                      Engine version
Lavasoft Ad-Aware              Gen:Variant.Kazy.345987        272
Agnitum Outpost                Backdoor.Napolar               7.1.1
AhnLab V3 Security             Trojan/Win32.Gen               2015.12.11
Arcabit                        Trojan.Kazy.D54783             1.0.0.629
avast!                         Win32:Malware-gen              2014.9-160508
AVG                            BackDoor.Generic18             2017.0.2750
Baidu Antivirus                Adware.Win32.iBryte            4.0.3.1658
Bitdefender                    Gen:Variant.Kazy.345987        1.0.20.645
Comodo Security                UnclassifiedMalware            23732
Dr.Web                         Trojan.DownLoader9.38695       9.0.1.0129
Emsisoft Anti-Malware          Gen:Variant.Kazy.345987        8.16.05.08.12
ESET NOD32                     Win32/Injector.AYYI (variant)  10.12704
Fortinet FortiGate             W32/Simda.AGEZ!tr              5/8/2016
F-Secure                       Gen:Variant.Kazy.345987        11.2016-08-05_1
G Data                         Gen:Variant.Kazy.345987        16.5.25
IKARUS anti.virus              Trojan.Win32.Napolar           t3scan.1.9.5.0
K7 AntiVirus                   Backdoor                       13.212.18074
Kaspersky                      HEUR:Trojan.Win32.Generic      14.0.0.245
McAfee                         PWSZbot-FBSS!C987EE0759A7      5600.6406
Microsoft Security Essentials  Trojan:Win32/Napolar.A         1.1.12300.0
MicroWorld eScan               Gen:Variant.Kazy.345987        17.0.0.387
NANO AntiVirus                 Trojan.Win32.Napolar.curnyc    1.0.10.5081
Panda Antivirus                Trj/Genetic.gen                16.05.08.12
Qihoo 360 Security             HEUR/Malware.QVM20.Gen         1.0.0.1077
Quick Heal                     Trojan.Zbot.AM4                5.16.14.00
Total Defense                  Win32/Tnega.MINLBJ             37.1.62.1
Trend Micro House Call         TROJ_SPNR.06C014               7.2.129
Trend Micro                    TROJ_SPNR.06C014               10.465.08
Vba32 AntiVirus                SScope.Worm.Dorkbot.2113       3.12.26.4
VIPRE Antivirus                Backdoor.Win32.Simda.br        45754
Zillya! Antivirus              Trojan.Kryptik.Win32.596634    2.0.0.2557

File size:
208.5 KB (213,504 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\miley_cyrus_kissing_katty_perry_video_avi.exe

File PE Metadata
Compilation timestamp:
4/27/2011 7:53:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
1.1

CTPH (ssdeep):
6144:S8+ZoRoKSufyFqaR7SLusyOffdWEbady:v7Yz37a5yOfQA

Entry address:
0x103A3

Entry point:
E8, 6A, F6, FF, FF, E8, 65, F6, FF, FF, E9, 08, 20, 00, 00, C3, 74, 09, 7F, 48, 32, CB, 34, 2B, 86, 3D, CE, 36, D4, 86, 86, 3D, D4, C3, C3, 3D, 86, 2B, C3, A8, D4, 36, D4, C3, C3, 86, D4, D4, 71, 3D, CE, 36, 2B, 3D, CE, D4, C3, A8, 71, D4, D4, 36, D4, A8, CE, 3D, 2B, 2B, A8, 71, A8, 71, C3, D4, 71, CE, 3D, C3, 36, C3, 86, D4, 2B, C3, D4, CE, A8, 86, CE, 71, 71, 3D, 71, 36, CE, 36, CE, 36, 2B, CE, 71, A8, CE, 3D, A8, C3, CE, 36, 71, A8, C3, A8, 3D, 36, A8, D4, 2B, A8, D4, D4, A8, 3D, 71, 71, 86, C3, 71, 2B...
 

Packer / compiler:
Stranik 1.3 Modula/C/Pascal

Code size:
76.5 KB (78,336 bytes)

The file miley_cyrus_kissing_katty_perry_video_avi.exe has been seen being distributed by the following 3 URLs.

http://catalog.chaosium.com/?ytamh1c=eb42de

http://catalog.chaosium.com/?5frpm4vti8rw=13dc80b8f39d197f16aa9d