msi2652.exe

The executable msi2652.exe has been detected as malware by 34 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
43bf4023c9760759b0a888624956390d

SHA-1:
cb779c65a74afb432f6850af036be142b36aa7ab

SHA-256:
f0deb902547808ecbde801e19e3e7ce6f3f880fe8c4ae582b09980bd421c78ae

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
5/8/2024 5:08:39 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1510539 | 835
Agnitum Outpost | TrojanSpy.Zbot | 7.1.1
Avira AntiVirus | TR/Kazy.3284795 | 7.11.137.220
avast! | Win32:Malware-gen | 2014.9-141022
AVG | PSW.Generic12 | 2015.0.3313
Baidu Antivirus | Trojan.Win32.Zbot | 4.0.3.141022
Bitdefender | Trojan.GenericKD.1510539 | 1.0.20.1475
Comodo Security | UnclassifiedMalware | 17952
Dr.Web | Trojan.PWS.Panda.5661 | 9.0.1.0295
Emsisoft Anti-Malware | Trojan.GenericKD.1510539 | 8.14.10.22.06
ESET NOD32 | Win32/Spy.Zbot.AAU | 8.9559
Fortinet FortiGate | W32/Zbot.RHCJ!tr | 10/22/2014
F-Secure | Trojan.GenericKD.1510539 | 11.2014-22-10_4
G Data | Trojan.GenericKD.1510539 | 14.10.24
IKARUS anti.virus | Trojan-PWS.Win32.Zbot | t3scan.2.2.29
K7 AntiVirus | Spyware | 13.176.11482
Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.3061
Malwarebytes | Trojan.Zbot | v2014.10.22.06
McAfee | PWSZbot-FNW!43BF4023C976 | 5600.6969
Microsoft Security Essentials | PWS:Win32/Zbot.AJB | 1.10401
MicroWorld eScan | Trojan.GenericKD.1510539 | 15.0.0.885
NANO AntiVirus | Trojan.Win32.Zbot.csyync | 0.28.0.58491
Norman | Kryptic.AQ | 11.20141022
nProtect | Trojan.GenericKD.1510539 | 14.03.18.01
Panda Antivirus | Generic Malware | 14.10.22.06
Qihoo 360 Security | Win32/Trojan.634 | 1.0.0.1015
Quick Heal | TrojanPWS.Zbot | 10.14.12.00
Rising Antivirus | PE:Malware.XPACK/RDM!5.1 | 23.00.65.141020
Sophos | Mal/Cridex-F | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Kryptik | 10283
Trend Micro House Call | TROJ_SPNR.15BA14 | 7.2.295
Trend Micro | TROJ_SPNR.15BA14 | 10.465.22
Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.24.3
VIPRE Antivirus | Worm.Win32.Cridex.ac | 27520

File size:
378 KB (387,072 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\msi2652.exe

File PE Metadata
Compilation timestamp:
12/4/2013 10:04:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:XxTiSL/CRrCTsYrslHzDbXi6Tq4C+anVEhGsqQP62kq5rQ:hT/LnAhDTi6TNdXhhNPR

Entry address:
0x17E6

Entry point:
55, 8B, EC, 83, EC, 38, 57, 53, 56, 6A, 00, FF, 35, 34, 38, 40, 00, FF, 15, A0, 12, 44, 00, 59, A1, 38, 35, 40, 00, A3, 38, 38, 40, 00, FF, 35, 38, 38, 40, 00, 50, FF, 35, 3C, 38, 40, 00, 50, 6A, 03, FF, 35, 40, 38, 40, 00, FF, 15, A4, 12, 44, 00, A3, CC, 35, 40, 00, FF, 35, 44, 38, 40, 00, FF, 15, E0, 10, 44, 00, A3, C8, 35, 40, 00, A1, CC, 35, 40, 00, 8B, 10, 89, 15, BC, 35, 40, 00, 68, 34, 35, 40, 00, FF, 15, 00, 11, 44, 00, A3, 3C, 35, 40, 00, 68, C0, 34, 40, 00, FF, 15, 1C, 11, 44, 00, 8D, 55, E8, 89...

Entropy:
4.7699

Developed / compiled with:
Microsoft Visual C++

Code size:
6 KB (6,144 bytes)
