mingleview.exe

The application mingleview.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from files.downloadnow.com and multiple other hosts.
MD5:
7a8ffb294bc6a0e52d775b8fae5e43a4

SHA-1:
def27ff471d085d5400ad9d6afdcba4d4c3c1073

SHA-256:
7544c0b53aa1d17c30948fd99487137e39733b7c5055a2d963e50d1bf7fdb184

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 8:28:14 PM UTC

Scan engine               Detection                              Engine version
Agnitum Outpost           Riskware.RemoteAdmin                   7.1.1
Kaspersky                 not-a-virus:RemoteAdmin.Win32.WinVNC   14.0.0.3972
NANO AntiVirus            Riskware.Win32.RemoteAdmin.ccgsdt      0.28.0.59048
Trend Micro House Call    TROJ_GEN.R0CBH07D514                   7.2.113
ViRobot                   Trojan.Win32.A.Zbot.2663424            2011.4.7.4223

File size:
2.5 MB (2,663,424 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
7/29/2012 5:19:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:gsM0NnZ0ZPvAdbWb9r4P0DPfu1hoxvGeUAUA/J:gsM0NZ0pQbeRD3SoxvGe

Entry address:
0xF2A3

Entry point:
E8, D3, 51, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 7C, 4D, 42, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, CC, EB, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, BC, EB, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B...

Code size:
108.5 KB (111,104 bytes)

The file mingleview.exe has been seen being distributed by the following 3 URLs.
