newDe.exe

Reason Cover Sky

Reason Cover Inc.

The executable newDe.exe has been detected as malware by 35 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from www.turbotesttaking.com and multiple other hosts.
Publisher:
Reason Cover Inc.

Product:
Reason Cover Sky

Version:
14.0.59.294 bell

MD5:
4c47003b341c5565afad3eaee594ee81

SHA-1:
6bfe0e3a8b75d942f83c9a89c5ca54e6ee6911dc

SHA-256:
a9bfc4cb31df8369bcaba1325f936470b274ff60c289fc1c29b83fdfeac5f784

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
4/19/2024 3:17:52 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1205812 | 1151
Agnitum Outpost | TrojanSpy.Zbot | 7.1.1
Avira AntiVirus | TR/Spy.ZBot.amu | 7.11.117.240
avast! | Win32:Malware-gen | 2014.9-131126
AVG | PSW.Generic11 | 2014.0.3643
Baidu Antivirus | Trojan.Win32.Zbot | 4.0.3.131126
Bitdefender | Trojan.GenericKD.1205812 | 1.0.20.1175
Bkav FE | W32.Clod605.Trojan | 1.3.0.4562
Comodo Security | TrojWare.Win32.Trojan.Agent.Gen | 17386
Dr.Web | Trojan.PWS.Panda.4379 | 9.0.1.0330
Emsisoft Anti-Malware | Trojan.GenericKD.1205812 | 8.13.08.23.04
ESET NOD32 | Win32/Spy.Zbot.AAU | 7.9132
Fortinet FortiGate | W32/Zbot.OUGQ!tr | 11/26/2013
F-Secure | Trojan.GenericKD.1205812 | 11.2013-26-11_3
G Data | Trojan.GenericKD.1205812 | 13.8.22
IKARUS anti.virus | Trojan-Spy.Win32.Zbot | t3scan.2.2.29
K7 AntiVirus | Spyware | 13.174.10410
Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.3766
Malwarebytes | Trojan.Zbot.BT | v2013.08.23.04
McAfee | RDN/Generic PWS.y!uj | 5600.7271
Microsoft Security Essentials | PWS:Win32/Zbot | 1.163.1557.0
MicroWorld eScan | Trojan.GenericKD.1205812 | 14.0.0.705
NANO AntiVirus | Trojan.Win32.Zbot.cfzfnf | 0.28.0.56582
Norman | Troj_Generic.ONECA | 11.20131126
nProtect | Trojan-Spy/W32.ZBot.434176.AG | 13.12.04.01
Panda Antivirus | Generic Malware | 13.11.26.12
Quick Heal | TrojanPWS.Zbot | 11.13.12.00
Reason Heuristics | Unnamed.Threat.55 | 14.3.1.0
Sophos | Mal/Generic-S | 4.95
SUPERAntiSpyware | Trojan.Agent/Gen-Zbot | 10886
Trend Micro House Call | TSPY_ZBOT.UFW | 7.2.330
Trend Micro | TSPY_ZBOT.ATY | 10.465.26
Vba32 AntiVirus | BScope.Malware-Cryptor.Zbot.2683 | 3.12.24.3
VIPRE Antivirus | Trojan.Win32.Generic | 24022
ViRobot | Spyware.Zbot.434176.C | 2011.4.7.4223

File size:
424 KB (434,176 bytes)

Product version:
14.0.59.294

Copyright:
(c) Reason Cover. All rights reserved.

Original file name:
newDe.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\newde.exe

File PE Metadata
Compilation timestamp:
8/22/2013 1:54:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:MZbYoJofSJptM/KCeNU0DMBN8SDubUHSlxlg8K+HCCm:8HptCeNag2Qlxi4lm

Entry address:
0x74E0

Entry point:
E8, 51, 28, 00, 00, E9, 40, FE, FF, FF, 56, 6A, 01, 68, 14, 50, 43, 00, 8B, F1, E8, D1, 28, 00, 00, C7, 06, 7C, E1, 40, 00, 8B, C6, 5E, C3, C7, 01, 7C, E1, 40, 00, E9, 2C, 29, 00, 00, 56, 8B, F1, C7, 06, 7C, E1, 40, 00, E8, 1E, 29, 00, 00, F6, 44, 24, 08, 01, 74, 07, 56, E8, 7A, 29, 00, 00, 59, 8B, C6, 5E, C2, 04, 00, 56, FF, 74, 24, 08, 8B, F1, E8, A6, 28, 00, 00, C7, 06, 7C, E1, 40, 00, 8B, C6, 5E, C2, 04, 00, 55, 8B, EC, 83, EC, 0C, EB, 0D, FF, 75, 08, E8, A2, 2B, 00, 00, 85, C0, 59, 74, 0F, FF, 75, 08...
 

Entropy:
5.9557

Code size:
52 KB (53,248 bytes)

The file newDe.exe has been seen being distributed by the following 2 URLs.
