msotiv.exe

The executable msotiv.exe has been detected as malware by 35 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5: f9a931481c135ad6667aaea217ba4b84

SHA-1: 803da83d1537380807cb5d05455d09073ef05062

SHA-256: 54452a82a93d9d2c4240f0455b35e078bcad83c210f8e011de1ec1af984de411

Scanner detections: 35 / 68

Status: Malware

Analysis date: 4/20/2024 2:12:41 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1463251 | 835 |
| Agnitum Outpost | Trojan.DL.Wauchos | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Downloader | 2014.10.21 |
| Avira AntiVirus | Worm/Gamarue.I.1359 | 7.11.179.192 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-141022 |
| AVG | BackDoor.Generic18 | 2015.0.3313 |
| Baidu Antivirus | Worm.Win32.Gamarue | 4.0.3.141022 |
| Bitdefender | Trojan.GenericKD.1463251 | 1.0.20.1475 |
| Bkav FE | W32.Clodca6.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 19854 |
| Dr.Web | Trojan.Inject2.23 | 9.0.1.0295 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1463251 | 8.14.10.22.02 |
| ESET NOD32 | Win32/TrojanDownloader.Wauchos | 8.10591 |
| Fortinet FortiGate | W32/Androm.BJKW!tr | 10/22/2014 |
| F-Prot | W32/Trojan2.OBYC | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.1463251 | 11.2014-22-10_4 |
| G Data | Trojan.GenericKD.1463251 | 14.10.24 |
| IKARUS anti.virus | Worm.Win32.Gamarue | t3scan.1.7.8.0 |
| K7 AntiVirus | Trojan-Downloader | 13.184.13741 |
| Kaspersky | Backdoor.Win32.Androm | 14.0.0.3062 |
| Malwarebytes | Trojan.MSIL.CRP | v2014.10.22.02 |
| McAfee | Generic.rx | 5600.6969 |
| Microsoft Security Essentials | Worm:Win32/Gamarue.I | 1.11005 |
| MicroWorld eScan | Trojan.GenericKD.1463251 | 15.0.0.885 |
| Norman | Suspicious_Gen4.FNBTD | 11.20141022 |
| nProtect | Backdoor/W32.Androm.51712.F | 14.10.19.01 |
| Qihoo 360 Security | Win32/Backdoor.dbc | 1.0.0.1015 |
| Quick Heal | Worm.Gamarue.I.cw3 | 10.14.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.163CFC3E!373095486 | 23.00.65.141020 |
| Sophos | Mal/Cridex-F | 4.98 |
| Total Defense | Win32/Gamarue.NN | 37.0.11238 |
| Trend Micro House Call | TROJ_SPNR.1ALM13 | 7.2.295 |
| Trend Micro | TROJ_SPNR.1ALM13 | 10.465.22 |
| Vba32 AntiVirus | SScope.Malware-Cryptor.Zbot.2613 | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Cridex.tau | 34096 |

File size: 50.5 KB (51,712 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\ProgramData\msotiv.exe

File PE Metadata

Compilation timestamp: 8/16/2013 5:35:40 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 6.0

CTPH (ssdeep): 768:5FOUjS8vliFp51VFjooCPzP3aklvO3OZUg5ZsWNhB03L2noCiWa65RiH0t:VRl0HVFU9iklG3aUgLrhBG2ncW7Z

Entry address: 0x15D4

Entry point (first bytes): 55, 8B, EC, 83, EC, 24, 57, 53, 56, 68, E0, 74, 40, 00, FF, 15, 60, 31, 40, 00, 89, 45, E8, FF, 15, BC, 31, 40, 00, E8, 5B, FD, FF, FF, 33, FF, 03, 3D, F0, 75, 40, 00, 57, E8, DE, 00, 00, 00, B9, 58, 75, 40, 00, 89, 0D, 64, 75, 40, 00, 89, 45, F4, C7, 45, E0, 06, F5, 9F, 8E, FF, 75, E0, FF, 15, A0, 31, 40, 00, A3, 60, 75, 40, 00, 8B, 45, F4, 8B, 0D, 64, 75, 40, 00, 8B, 11, 3B, 15, 5C, 75, 40, 00, 0F, 85, 05, 00, 00, 00, E9, 09, 00, 00, 00, BA, 04, 00, 00, 00, 03, CA, EB, BD, 89, 1D, 7C, 75, 40, 00, 50, 8B...

Entropy: 5.2062

Developed / compiled with: Microsoft Visual C++

Code size: 8 KB (8,192 bytes)

Policies Explorer Run

Name: 31338


Remove msotiv.exe - Powered by Reason Core Security