msiexec.exe

The executable msiexec.exe has been detected as malware by 26 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
4e5339520a21ee32a08c949b701b334d

SHA-1:
79f893c295ffd01511c70d432e2cc7fbd4b296f6

SHA-256:
d3d902409cd0851966a5d11d8a6ff0b7b4878aeca235a4bb46abcac30f4556c7

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
5/7/2024 5:55:46 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.113709 | 804 |
| AhnLab V3 Security | Spyware/Win32.Zbot | 2014.11.14 |
| Avira AntiVirus | TR/Injector.133632.7 | 7.11.185.150 |
| avast! | Win32:Injector-CFI [Trj] | 2014.9-141122 |
| AVG | Inject2 | 2015.0.3282 |
| Bitdefender | Gen:Variant.Zusy.113709 | 1.0.20.1630 |
| Dr.Web | Trojan.Mayachok.18931 | 9.0.1.0326 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.113709 | 8.14.11.22.05 |
| ESET NOD32 | Win32/Injector.BPEI (variant) | 8.10723 |
| Fortinet FortiGate | W32/Zbot.UNKH!tr | 11/22/2014 |
| F-Secure | Gen:Variant.Zusy.113709 | 11.2014-22-11_7 |
| G Data | Gen:Variant.Zusy.113709 | 14.11.24 |
| IKARUS anti.virus | Trojan.Win32.Inject | t3scan.1.8.3.0 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.2906 |
| Malwarebytes | Trojan.MalPack | v2014.11.22.05 |
| McAfee | PWSZbot-FAFA!4E5339520A21 | 5600.6938 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Zemot | 1.11104 |
| MicroWorld eScan | Gen:Variant.Zusy.113709 | 15.0.0.978 |
| NANO AntiVirus | Trojan.Win32.Zbot.diikpa | 0.28.6.63362 |
| Norman | Rovnix.DS | 11.20141122 |
| Panda Antivirus | Trj/Chgt.K | 14.11.22.05 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.2.12 |
| Sophos | Mal/Wonton-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Zemot | 10222 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34782 |
| ViRobot | Trojan.Win32.U.Agent.133632 | 2011.4.7.4223 |

File size:
130.5 KB (133,632 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\application data\windows genuine advantage\{72b3c647-4074-4588-b6a7-f9043cfcb21d}\msiexec.exe

File PE Metadata
Compilation timestamp:
10/20/2014 3:31:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:AOwvPk6ELXae6VKpkc7tixgqQ5eJGTzjyBoymW0C2pcn1EWtoQZ8m944agGf3Zy:AL3XELCCd4gqQ5eJOalmtc1EWjTPe3Zy

Entry address:
0x41A6

Entry point:
E8, 71, 24, 00, 00, E9, 79, FE, FF, FF, 90, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 98, DD, 40, 00, 89, 0D, 94, DD, 40, 00, 89, 15, 90, DD, 40, 00, 89, 1D, 8C, DD, 40, 00, 89, 35, 88, DD, 40, 00, 89, 3D, 84, DD, 40, 00, 66, 8C, 15, B0, DD, 40, 00, 66, 8C, 0D, A4, DD, 40, 00, 66, 8C, 1D, 80, DD, 40, 00, 66, 8C, 05, 7C, DD, 40, 00, 66, 8C, 25, 78, DD, 40, 00, 66, 8C, 2D, 74, DD, 40, 00, 9C, 8F, 05, A8, DD, 40, 00, 8B, 45, 00, A3, 9C, DD, 40, 00, 8B, 45, 04, A3, A0, DD, 40, 00, 8D, 45, 08, A3, AC, DD, 40...

Entropy:
6.2128

Code size:
36 KB (36,864 bytes)
