msi44524.exe

The executable msi44524.exe has been detected as malware by 37 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
a13f9bbf6d1969b3182676b4ae45bc27

SHA-1:
b14c984ea2d425f463dfb2b2be4574c877c1ef4a

SHA-256:
d35a7e69c9a0118aedefe6d62302fd2639c61f5ec2b0347e66a6220ce2cc843b

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
4/19/2024 5:04:23 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1442448 | 835 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Spyware/Win32.Zbot | 14.10.22 |
| Avira AntiVirus | TR/PSW.Zbot.15305 | 7.11.145.56 |
| avast! | Win32:Dropper-NOC [Drp] | 2014.9-141022 |
| AVG | PSW.Generic12 | 2015.0.3313 |
| Baidu Antivirus | Trojan.Win32.Zbot | 4.0.3.141022 |
| Bitdefender | Trojan.GenericKD.1442448 | 1.0.20.1475 |
| Bkav FE | W32.DropperLioruh.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 18165 |
| Dr.Web | Trojan.PWS.Panda.5182 | 9.0.1.0295 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1442448 | 8.14.10.22.06 |
| ESET NOD32 | Win32/Spy.Zbot.AAU | 8.9720 |
| Fortinet FortiGate | W32/Zbot.QVGP!tr | 10/22/2014 |
| F-Prot | W32/Trojan2.OBHL | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.1442448 | 11.2014-22-10_4 |
| G Data | Trojan.GenericKD.1442448 | 14.10.24 |
| IKARUS anti.virus | Trojan-Spy.Win32.Zbot | t3scan.1.6.1.0 |
| K7 AntiVirus | Spyware | 13.176.11873 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.3061 |
| Malwarebytes | Trojan.Zbot.DNR | v2014.10.22.06 |
| McAfee | Generic.ru | 5600.6969 |
| Microsoft Security Essentials | PWS:Win32/Zbot | 1.10502 |
| MicroWorld eScan | Trojan.GenericKD.1442448 | 15.0.0.885 |
| NANO AntiVirus | Trojan.Win32.Zbot.cquvbd | 0.28.0.59492 |
| Norman | ZBot.QAFX | 11.20141022 |
| nProtect | Trojan.GenericKD.1442448 | 14.04.24.02 |
| Panda Antivirus | Trj/WLT.A | 14.10.22.06 |
| Qihoo 360 Security | Win32/Trojan.BO.0dc | 1.0.0.1015 |
| Quick Heal | TrojanPWS.Zbot.AM4 | 10.14.12.00 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.141020 |
| Sophos | Mal/Generic-L | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Zbot | 10283 |
| Total Defense | Win32/Zbot.HWF | 37.0.10897 |
| Trend Micro | TSPY_ZBOT.SN | 10.465.22 |
| Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28592 |

File size:
305 KB (312,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\msi44524.exe

File PE Metadata
Compilation timestamp:
11/8/2013 3:17:41 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:W5RnjnmyMTh+hosdkY9oRrsMQJ/cv78GIUVDQDDAX4bbuc4:W5pKshosdkGpGSF3O

Entry address:
0x4915E

Entry point:
55, 8B, EC, 81, EC, 9C, 00, 00, 00, 53, 56, 57, C7, 05, 20, CC, 44, 00, 20, 00, 00, 00, FF, 35, 20, CC, 44, 00, FF, 15, 64, B0, 44, 00, 89, 45, D0, FF, 15, D8, B0, 44, 00, A3, B0, C9, 44, 00, FF, 15, 88, B0, 44, 00, A3, AC, C9, 44, 00, A1, B0, C9, 44, 00, A3, A0, C8, 44, 00, 8B, 45, D0, 83, C4, 04, A3, 14, CE, 44, 00, 8D, 1D, E8, CD, 44, 00, A1, 10, D0, 44, 00, 3D, 00, 00, 00, 00, 0F, 85, 05, 00, 00, 00, E9, 62, 02, 00, 00, A3, 10, D0, 44, 00, 89, 1D, 74, CF, 44, 00, FF, 35, 74, CF, 44, 00, C7, 05, 78, CF...

Entropy:
5.7370

Developed / compiled with:
Microsoft Visual C++

Code size:
294.5 KB (301,568 bytes)
