msi21588.exe

The executable msi21588.exe has been detected as malware by 33 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

MD5:
8b84e631a9fec95c4d9434d8074e56b6

SHA-1:
f47af900e288ddc7da1f05d5e7f18310d1ec9d7b

SHA-256:
043a4ccd900bb71903894a9ea985189282d3767457d1f84cb3f33b91e183bd5e

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/26/2024 3:56:03 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1602408 | 835 |
| AhnLab V3 Security | Trojan/Win32.Agent | 14.10.22 |
| Avira AntiVirus | TR/Crypt.ZPACK.55667 | 7.11.138.34 |
| avast! | Win32:Zbot-SZR [Trj] | 2014.9-141022 |
| AVG | Zbot | 2015.0.3313 |
| Baidu Antivirus | Trojan.Win32.Necurs | 4.0.3.141022 |
| Bitdefender | Trojan.GenericKD.1602408 | 1.0.20.1475 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 17966 |
| Dr.Web | Trojan.PWS.Panda.5676 | 9.0.1.0295 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1602408 | 8.14.10.22.06 |
| ESET NOD32 | Win32/Spy.Zbot.AAU | 8.9569 |
| Fortinet FortiGate | W32/Necurs.AAU!tr | 10/22/2014 |
| F-Secure | Trojan.GenericKD.1602408 | 11.2014-22-10_4 |
| G Data | Trojan.GenericKD.1602408 | 14.10.24 |
| IKARUS anti.virus | Trojan-Dropper.Win32.Necurs | t3scan.2.2.29 |
| K7 AntiVirus | Spyware | 13.176.11510 |
| Kaspersky | Trojan-Dropper.Win32.Necurs | 14.0.0.3061 |
| McAfee | RDN/Generic Dropper!tz | 5600.6969 |
| Microsoft Security Essentials | PWS:Win32/Zbot | 1.10401 |
| MicroWorld eScan | Trojan.GenericKD.1602408 | 15.0.0.885 |
| NANO AntiVirus | Trojan.Win32.Necurs.cuwdpl | 0.28.0.58491 |
| Norman | Suspicious_Gen4.FXRXO | 11.20141022 |
| nProtect | Trojan.GenericKD.1602408 | 14.03.21.01 |
| Panda Antivirus | Generic Malware | 14.10.22.06 |
| Qihoo 360 Security | HEUR/Malware.QVM07.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Agent.and | 10.14.12.00 |
| Sophos | Mal/Cridex-F | 4.98 |
| Trend Micro House Call | TROJ_FORUCON.BMC | 7.2.295 |
| Trend Micro | TROJ_FORUCON.BMC | 10.465.22 |
| Vba32 AntiVirus | TrojanDropper.Necurs | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27596 |
| ViRobot | Trojan.Win32.Agent.520192.E | 2011.4.7.4223 |

File size:
508 KB (520,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\msi21588.exe

File PE Metadata
Compilation timestamp:
1/7/2014 9:25:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:gLCkdK41K6QIaGwhrhJ+U8BHA5aHuMfiJti0KDJiHxBARXv8bWkrn7l9iPgknH5:gW8fQNlzOHP5fAU0kpoyt5

Entry address:
0x19E7

Entry point:
55, 8B, EC, 6A, FF, 68, 18, F6, 40, 00, 68, 67, 1B, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, AC, E1, 40, 00, 59, 83, 0D, 34, F6, 40, 00, FF, 83, 0D, 38, F6, 40, 00, FF, FF, 15, BC, E1, 40, 00, 8B, 0D, 30, F6, 40, 00, 89, 08, FF, 15, CC, E1, 40, 00, 8B, 0D, 2C, F6, 40, 00, 89, 08, A1, D8, E1, 40, 00, 8B, 00, A3, 3C, F6, 40, 00, E8, 10, 01, 00, 00, 39, 1D, 20, F6, 40, 00, 75, 0C, 68, 63, 1B, 40, 00, FF, 15, B8, E1...

Entropy:
5.2741

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
3 KB (3,072 bytes)
