msiexec.exe

The executable msiexec.exe has been detected as malware by 26 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5: 7d758cf7569396cca6e1bfcb7f671809

SHA-1: a8ea2b21ffc3d8b2a30396c1a0db77f71f69ed1a

SHA-256: 2f384de9411b45688ae7467999d816915f83bdb4f54daa636464cb3d54754332

Scanner detections: 26 / 68

Status: Malware

Analysis date: 4/25/2024 10:08:18 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKDZ.26325 | 804
AhnLab V3 Security | Trojan/Win32.Necurs | 2014.11.12
Avira AntiVirus | TR/Crypt.ZPACK.Gen4 | 7.11.184.152
avast! | Win32:Rovnix-W [Cryp] | 2014.9-141122
AVG | Inject2 | 2015.0.3282
Bitdefender | Trojan.GenericKDZ.26325 | 1.0.20.1630
Dr.Web | Trojan.Mayachok.18921 | 9.0.1.0326
Emsisoft Anti-Malware | Trojan.GenericKDZ.26325 | 8.14.11.22.05
ESET NOD32 | Win32/Injector.BOVS (variant) | 8.10709
Fortinet FortiGate | W32/Zbot.UNFL!tr | 11/22/2014
F-Secure | Trojan.GenericKDZ.26325 | 11.2014-22-11_7
G Data | Trojan.GenericKDZ.26325 | 14.11.24
Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.2906
Malwarebytes | Trojan.Agent.ED | v2014.11.22.05
Microsoft Security Essentials | TrojanDownloader:Win32/Zemot.A | 1.11104
MicroWorld eScan | Trojan.GenericKDZ.26325 | 15.0.0.978
Norman | Zemot.D | 11.20141122
nProtect | Trojan.GenericKDZ.26325 | 14.11.11.01
Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015
Quick Heal | (Suspicious) - DNAScan | 11.14.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.179DA256!396206678 | 23.00.65.141120
Sophos | Troj/Agent-AJXK | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Renos | 10222
Total Defense | Win32/Carberp.OTPOCGC | 37.0.11275
VIPRE Antivirus | Trojan.Win32.Generic | 34714
ViRobot | Trojan.Win32.U.Agent.178688.D | 2011.4.7.4223

File size: 174.5 KB (178,688 bytes)

File type: Executable application (Win64 EXE)

Common path: C:\ProgramData\application data\windows genuine advantage\{61fc4f10-0ba5-41fe-be52-f56f1165ee7f}\msiexec.exe

File PE Metadata

Compilation timestamp: 10/19/2014 12:04:17 PM

OS version: 1.1

OS bitness: Win64

Subsystem: Windows GUI

Linker version: 10.255

CTPH (ssdeep): 3072:QaZ14yUgBntNlgwX5p4tXr1KNLCnqxwX5p4tXr1KNLCj:QaZ141gplgISt71AjISt71As

Entry address: 0x3DB2

Entry point: 4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E0, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy: 6.3080

Code size: 28 KB (28,672 bytes)
