msiexec.exe

The executable msiexec.exe has been detected as malware by 28 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
19921acf312b6c12a7fabe23efa60ae8

SHA-1:
d3a6aa9b1e6a3890c7d21c19efcf28f9f9b88d5d

SHA-256:
f6ad50ae87973ddd0c50422d26dfba8ff43e1ee1093cfea9f6345b426fff2095

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/19/2024 11:47:30 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Symmi.48381 | 5827180
AhnLab V3 Security | Spyware/Win32.Zbot | 2014.11.23
Avira AntiVirus | TR/Injector.133632.7 | 7.11.188.58
avast! | Win32:Injector-CFI [Trj] | 141119-1
AVG | Trojan horse Inject2.BDJX | 2014.0.4189
Baidu Antivirus | Trojan.Win32.Zbot | 4.0.3.141122
Bitdefender | Gen:Variant.Symmi.48381 | 1.0.20.1630
Dr.Web | Trojan.Packed.29442 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Symmi.48381 | 9.0.0.4570
ESET NOD32 | Win32/Injector.BPEI trojan | 7.0.302.0
Fortinet FortiGate | W32/Zbot.UNKH!tr | 12/2/2014
F-Secure | Gen:Variant.Symmi.48381 | 11.2014-22-11_7
G Data | Gen:Variant.Symmi.48381 | 14.11.24
IKARUS anti.virus | Trojan.Win32.Inject | t3scan.1.8.3.0
Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.2906
Malwarebytes | Trojan.MalPack | v2014.11.22.05
McAfee | PWSZbot-FAFA!19921ACF312B | 5600.6938
Microsoft Security Essentials | Threat.Undefined | 1.189.509.0
MicroWorld eScan | Gen:Variant.Symmi.48381 | 15.0.0.978
NANO AntiVirus | Trojan.Win32.Zbot.diikpa | 0.28.6.63474
Norman | Rovnix.DS | 11.20141122
Panda Antivirus | Trj/Genetic.gen | 14.11.22.05
Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.2.12
Sophos | Mal/Wonton-S | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Zemot | 10222
VIPRE Antivirus | Trojan.Win32.Generic | 34782
ViRobot | Trojan.Win32.U.Agent.133632 | 2011.4.7.4223
Zillya! Antivirus | Trojan.Zbot.Win32.170056 | 2.0.0.1991

File size:
130.5 KB (133,632 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\application data\windows genuine advantage\{96a9b705-353c-4c99-8076-6ed4b2fda908}\msiexec.exe

File PE Metadata
Compilation timestamp:
10/20/2014 3:31:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:AOwvPk6ELXae6VKpkc7tixgqQ5eJGTzjyBoymW0C2pcn1EWtoQZ8m944agGf3ZN:AL3XELCCd4gqQ5eJOalmtc1EWjTPe3ZN

Entry address:
0x41A6

Entry point:
E8, 71, 24, 00, 00, E9, 79, FE, FF, FF, 90, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 98, DD, 40, 00, 89, 0D, 94, DD, 40, 00, 89, 15, 90, DD, 40, 00, 89, 1D, 8C, DD, 40, 00, 89, 35, 88, DD, 40, 00, 89, 3D, 84, DD, 40, 00, 66, 8C, 15, B0, DD, 40, 00, 66, 8C, 0D, A4, DD, 40, 00, 66, 8C, 1D, 80, DD, 40, 00, 66, 8C, 05, 7C, DD, 40, 00, 66, 8C, 25, 78, DD, 40, 00, 66, 8C, 2D, 74, DD, 40, 00, 9C, 8F, 05, A8, DD, 40, 00, 8B, 45, 00, A3, 9C, DD, 40, 00, 8B, 45, 04, A3, A0, DD, 40, 00, 8D, 45, 08, A3, AC, DD, 40...
 

Entropy:
6.2128

Code size:
36 KB (36,864 bytes)
