my_cute_pet_monkey-img0012.jpg.exe

The executable my_cute_pet_monkey-img0012.jpg.exe has been detected as malware by 36 anti-virus scanners. This is a setup program which is used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from www.conformis.com.
MD5:
9b14563e07d48a937fd8af11800846fe

SHA-1:
c7f8a8a1689be3d3858b55a5720a70dd92c8663c

SHA-256:
cfbcd137106d240add57036b4530f01f7fd06370761ffce198cd2a483c4e8091

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/19/2024 7:11:54 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKDZ.25054 | 327
Agnitum Outpost | Trojan.Sharik | 7.1.1
AhnLab V3 Security | Trojan/Win32.Ransomlock | 2014.12.09
Avira AntiVirus | TR/Inject.owlpanmw | 7.11.193.163
avast! | Win32:Napolar-BB [Trj] | 2014.9-160314
AVG | SHeur4 | 2017.0.2805
Bitdefender | Trojan.GenericKDZ.25054 | 1.0.20.370
Bkav FE | W32.VobfusUrbeK.Trojan | 1.3.0.6267
Comodo Security | TrojWare.Win32.Injector.OWLP | 20303
Dr.Web | BackDoor.Tishop.122 | 9.0.1.074
ESET NOD32 | Win32/Injector.BCLY (variant) | 10.10844
Fortinet FortiGate | W32/Injector.BCKP!tr | 3/14/2016
F-Secure | Trojan.GenericKDZ.25054 | 11.2016-14-03_2
G Data | Trojan.GenericKDZ.25054 | 16.3.24
IKARUS anti.virus | Trojan-Spy.Zbot | t3scan.1.8.5.0
K7 AntiVirus | Trojan | 13.186.14270
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.519
Malwarebytes | Spyware.Zbot.ED | v2016.03.14.03
McAfee | Generic-FAUT!9B14563E07D4 | 5600.6461
Microsoft Security Essentials | VirTool:Win32/Injector.gen!ET | 1.11202
MicroWorld eScan | Trojan.GenericKDZ.25054 | 17.0.0.222
NANO AntiVirus | Trojan.Win32.Zbot.cwzmxj | 0.28.6.63850
Norman | Agent.BCBLJ | 11.20160314
nProtect | Trojan.GenericKDZ.25054 | 14.12.08.01
Panda Antivirus | Trj/Genetic.gen | 16.03.14.03
Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015
Quick Heal | TrojanDownloader.Upatre.A4 | 3.16.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.16C91976!382278006 | 23.00.65.16312
Sophos | Troj/Zbot-IEL | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Ursnif | 9267
Total Defense | Win32/CInject.aAcBXQ | 37.0.11319
Trend Micro House Call | TROJ_MALKRYP.SM1 | 7.2.74
Trend Micro | TROJ_MALKRYP.SM1 | 10.465.14
VIPRE Antivirus | Trojan.Win32.Generic | 35538
ViRobot | Trojan.Win32.Inject.114688.K | 2011.4.7.4223
Zillya! Antivirus | Trojan.Sharik.Win32.584 | 2.0.0.2000

File size:
84 KB (86,016 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\my_cute_pet_monkey-img0012.jpg.exe

File PE Metadata
Compilation timestamp:
4/23/2014 10:34:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
1536:M24vugZzrRaHhK4G5niBGlMtO+6RDUp5tY1AI3wuuGmxRdmbB/loAbqk:M2XBHM9niBAMYvZU1Y1AIArxOmXk

Entry address:
0x1D0C

Entry point:
55, 8B, EC, 6A, FF, E9, E4, 1B, 00, 00, 68, 46, 35, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, E8, F0, 18, 00, 00, 8B, CF, 83, 0D, 58, 64, 40, 00, FF, 83, 0D, 5C, 64, 40, 00, FF, E8, A5, 03, 00, 00, 90, 8B, 0D, 4C, 64, 40, 00, 89, 08, E8, 17, 08, 00, 00, 90, 8B, 0D, 48, 64, 40, 00, 89, 08, A1, 58, 42, 40, 00, 8B, 00, A3, 54, 64, 40, 00, E8, C6, 09, 00, 00, 39, 1D, E0, 60, 40, 00, 75, 0C, 68, 26, 11, 40, 00, 90, 90...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)

The file my_cute_pet_monkey-img0012.jpg.exe has been seen being distributed by the following URL.
