odefi.exe

Musrunafa Visatl Studio 2010

Musrunafa Corporatien

The executable odefi.exe, carrying the version-resource description "Musrunafa Visatl Studie 2010", has been detected as malware by 30 of 68 anti-virus scanners. It persists as a scheduled task in the Windows Task Scheduler, triggered daily at a fixed time. According to the detections it is a variant of Zbot (Zeus), a banking trojan that steals confidential information (online credentials and banking details) from the compromised computer and sends it to the operators through a command-and-control server. The publisher, product and copyright fields of the version resource are attacker-supplied and mimic a legitimate development product, so they carry no trust; note also that the original file name embedded in that resource, diminr.exe, differs from the name the file was found under.
Publisher:
Musrunafa Corporatien

Product:
Musrunafa® Visatl Studio® 2010

Description:
Musrunafa Visatl Studie 2010

Version:
1.7.42074.512 built by: SP1Rel

MD5:
4b3e955b5efad48bedaba52b41a55cea

SHA-1:
60416dfcedb0f078a4b7b909187663112657a4e8

SHA-256:
ea22e6d8ed4ad3f4e610aebf5b0dd97b4e223692c81bed6d084e7b14870f275f

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
5/1/2024 11:19:05 AM UTC

Scan engine                      Detection                             Engine version
Lavasoft Ad-Aware                Trojan.Generic.11879288               854
Agnitum Outpost                  Trojan.Kryptik                        7.1.1
Avira AntiVirus                  TR/Crypt.XPACK.Gen                    7.11.176.134
avast!                           Win32:Malware-gen                     141003-0
AVG                              Trojan horse Crypt3.ATAI              2014.0.4037
Bitdefender                      Trojan.Generic.11879288               1.0.20.1380
Bkav FE                          HW32.Paked                            1.3.0.4959
Clam AntiVirus                   Win.Trojan.11879288                   0.98/21411
Dr.Web                           Trojan.Siggen6.15132                  9.0.1.0281
Emsisoft Anti-Malware            Trojan.Generic.11879288               8.14.10.03.04
ESET NOD32                       Win32/Kryptik.CMOA (variant)          8.10507
Fortinet FortiGate               W32/Kryptik.CJJK!tr                   10/8/2014
F-Secure                         Trojan.Generic.11879288               11.2014-03-10_6
G Data                           Trojan.Generic.11879288               14.10.24
IKARUS anti.virus                Trojan-Spy.Agent                      t3scan.1.7.8.0
K7 AntiVirus                     Riskware                              13.183.13611
Kaspersky                        Trojan.Win32.Yakes                    15.0.0.494
Malwarebytes                     Spyware.Zbot.MSXGen                   v2014.10.03.04
McAfee                           PWSZbot-FADO!4B3E955B5EFA             5600.6988
Microsoft Security Essentials    Threat.Undefined                      1.185.2106.0
MicroWorld eScan                 Trojan.Generic.11879288               15.0.0.828
NANO AntiVirus                   Trojan.Win32.XPACK.dgazlk             0.28.2.62483
nProtect                         Trojan.Generic.11879288               14.10.07.01
Panda Antivirus                  Trj/Genetic.gen                       14.10.08.12
Qihoo 360 Security               Malware.QVM20.Gen                     1.0.0.1015
Reason Heuristics                Threat.Win.Reputation.IMP             14.10.8.0
Rising Antivirus                 PE:Malware.XPACK-LNR/Heur!1.5594      23.00.65.141001
Sophos                           Mal/EncPk-AFC                         4.98
Total Defense                    Win32/Zbot.IePEWZD                    37.0.11214
VIPRE Antivirus                  Threat.4150696                        33624

File size:
274.2 KB (280,746 bytes)

Product version:
1.7.42074.512

Copyright:
© Musrunafa Corporatien. All rights reserved.

Original file name:
diminr.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\usanbauf\odefi.exe

File PE Metadata
Compilation timestamp:
7/23/2010 12:28:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:/iuoW7xy5YjZt1ICOQOpm98krsYtFTiSSM1Xj29r9JHLr:/iuofY31HX98udTiS1TahJHLr

Entry address:
0x6CC8

Entry point:
55, 8B, EC, 81, EC, B8, 01, 00, 00, EB, 0D, BA, E5, 00, 00, 00, 33, D1, 89, 95, E0, FE, FF, FF, 53, 89, 55, 88, 56, B9, 95, 00, 00, 00, 89, 4D, 88, 57, 0B, D1, 89, 55, 88, B9, 7D, 00, 00, 00, 81, E1, 00, C2, D0, 00, 89, 4D, 88, FF, 15, B4, 35, 44, 00, 89, 45, 88, 3D, 2B, 8E, 00, 00, 0F, 84, B2, 01, 00, 00, BA, BD, EA, 00, 00, 03, D0, 89, 55, 88, B8, 67, 00, 00, 00, 89, 45, 88, 33, D0, B9, 32, 82, 14, 88, 89, 4D, 88, EB, 73, 2B, CA, B8, 2F, 56, 00, 00, F7, C1, 52, 00, 00, 00, 74, 64, 33, C1, 83, F9, AD, 74...

Entropy:
7.8757  (on an 8-bit scale; a whole-file value this close to 8 indicates a packed or encrypted body, which is what the generic Kryptik, XPACK and EncPk detection names above also denote)

Developed / compiled with:
Microsoft Visual C++

Code size:
38.5 KB (39,424 bytes)
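
The entropy figure above is the single most useful static indicator on this page, so here is how it is computed and read. This is an added example, not tooling from the page or from the sample's analysts: the only real input is the entry-point byte listing printed above; the encrypted-looking and plain-text inputs are constructed stand-ins, and the 7.2 bits/byte cut-off is an assumed rule of thumb.

```python
"""Byte-entropy triage for the sample, as an added example (not tooling from the page).

The page reports an entropy of 7.8757 for odefi.exe; this shows how that figure is
computed and why it points at a packed or encrypted body. ENTRY_POINT_DUMP is the hex
listing printed on the page; every other input is constructed here and is not the
malware's bytes.
"""
import hashlib
import math
from collections import Counter

# First 128 bytes at the entry point, as listed on the page (the trailing "..." marks
# where the page's listing is truncated).
ENTRY_POINT_DUMP = (
    "55, 8B, EC, 81, EC, B8, 01, 00, 00, EB, 0D, BA, E5, 00, 00, 00, "
    "33, D1, 89, 95, E0, FE, FF, FF, 53, 89, 55, 88, 56, B9, 95, 00, "
    "00, 00, 89, 4D, 88, 57, 0B, D1, 89, 55, 88, B9, 7D, 00, 00, 00, "
    "81, E1, 00, C2, D0, 00, 89, 4D, 88, FF, 15, B4, 35, 44, 00, 89, "
    "45, 88, 3D, 2B, 8E, 00, 00, 0F, 84, B2, 01, 00, 00, BA, BD, EA, "
    "00, 00, 03, D0, 89, 55, 88, B8, 67, 00, 00, 00, 89, 45, 88, 33, "
    "D0, B9, 32, 82, 14, 88, 89, 4D, 88, EB, 73, 2B, CA, B8, 2F, 56, "
    "00, 00, F7, C1, 52, 00, 00, 00, 74, 64, 33, C1, 83, F9, AD, 74..."
)

PACKED_THRESHOLD = 7.2  # bits per byte; rule-of-thumb cut-off, an assumption


def parse_hex_dump(text: str) -> bytes:
    """Turn a comma-separated 'AA, BB, ...' listing into bytes, tolerating a trailing ellipsis."""
    tokens = (t.strip().rstrip(".") for t in text.split(","))
    return bytes(int(t, 16) for t in tokens if t)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def window_entropy(data: bytes, window: int = 1024) -> list[float]:
    """Entropy of consecutive non-overlapping windows, to locate where the packed region sits."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def looks_packed(data: bytes, threshold: float = PACKED_THRESHOLD) -> bool:
    """Compressed or encrypted payloads approach 8 bits/byte; plain x86 code and text
    sit well below that. Packers leave only a small clear-text loader stub, so a
    whole-file figure like 7.88 already means most of the file is opaque to
    signature scanners."""
    return shannon_entropy(data) >= threshold


# Constructed stand-in for an encrypted section: a deterministic SHA-256 chain, which
# has the byte statistics of random data.
PACKED_LIKE = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
# Constructed low-entropy input: repeated text (the task description wording from the page).
PLAIN_TEXT = b"Keeps your Security Center software up to date. " * 80
ENTRY_POINT = parse_hex_dump(ENTRY_POINT_DUMP)

if __name__ == "__main__":
    samples = (("entry-point stub", ENTRY_POINT), ("encrypted-like", PACKED_LIKE), ("text", PLAIN_TEXT))
    for label, blob in samples:
        print(f"{label:16s} entropy={shannon_entropy(blob):.4f} packed={looks_packed(blob)}")
    print("per-1KiB windows of the encrypted-like blob:", [round(e, 3) for e in window_entropy(PACKED_LIKE)])
```

The entry-point stub itself is ordinary code: it opens with 55 8B EC 81 EC B8 01 00 00 (push ebp; mov ebp, esp; sub esp, 0x1B8), the standard Microsoft Visual C++ function prologue that matches the "Linker version 10.0" field, and its entropy lands around 5 bits/byte. The whole-file figure of 7.88 can only come from the bulk of the file being packed or encrypted behind that stub, which is why the per-window view is worth keeping when you triage a real PE: the low-entropy windows tell you where the unpacking loader lives.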

Scheduled Task
Task name:
Security Center Update - 2299052409

Trigger:
Daily (Runs daily at 4:00 PM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin
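
The scheduled task is the artifact worth hunting for, because the hash changes with every repack while the persistence pattern (a lure name that imitates a Windows security component, a random numeric suffix, a daily trigger, and an action that runs from %APPDATA%\Roaming) stays stable across variants. The following added example, which is not tooling from the page, parses a Task Scheduler XML definition and scores it on those traits. The task XML is constructed from the page's task name, trigger and drop path and is not an export of the real task; the user name, start date and description wording are placeholders, the regular expressions and the list of user-writable directories are assumptions, and the only hash is the page's published SHA-256.

```python
"""Hunt for the persistence mechanism this sample uses: a scheduled task whose
action launches an executable from a user-writable directory. Added example,
not tooling from the page. The task XML below is constructed from the page's
task name, trigger and drop path (it is not an export of the real task), and
the only hash is the page's published SHA-256 for odefi.exe.
"""
import hashlib
import re
import xml.etree.ElementTree as ET
from typing import Optional

# Namespace used by every Task Scheduler XML definition (schtasks /query /xml, Get-ScheduledTask).
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# IOC from the page: SHA-256 of odefi.exe.
KNOWN_BAD_SHA256 = {"ea22e6d8ed4ad3f4e610aebf5b0dd97b4e223692c81bed6d084e7b14870f275f"}

# Heuristics (word lists and patterns are assumptions; tune them for your estate):
# names that impersonate built-in Windows security components ...
LURE_NAME = re.compile(r"\b(security center|windows update|windows defender)\b", re.I)
# ... followed by a long numeric suffix, as in "Security Center Update - 2299052409".
TRAILING_ID = re.compile(r"\s-\s\d{6,}$")
# Locations a standard user can write to; legitimate software rarely schedules tasks
# from %APPDATA%\Roaming or temp directories. (%LOCALAPPDATA% is left out because
# per-user installs such as browsers legitimately live there.)
USER_WRITABLE = re.compile(r"\\AppData\\Roaming\\|\\Temp\\|\\Users\\Public\\", re.I)


def parse_task(xml_text: str) -> dict:
    """Pull the triage-relevant fields out of a Task Scheduler XML definition."""
    root = ET.fromstring(xml_text)
    commands = [(c.text or "").strip() for c in root.findall("t:Actions/t:Exec/t:Command", TASK_NS)]
    triggers = [t.tag.rsplit("}", 1)[-1] for t in root.findall("t:Triggers/*", TASK_NS)]
    daily = bool(root.findall("t:Triggers/t:CalendarTrigger/t:ScheduleByDay", TASK_NS))
    description = root.findtext("t:RegistrationInfo/t:Description", default="", namespaces=TASK_NS)
    return {"commands": commands, "triggers": triggers, "daily": daily, "description": description}


def assess_task(name: str, xml_text: str, file_bytes: Optional[bytes] = None) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious was seen.

    A daily trigger is recorded by parse_task but is not a finding on its own:
    plenty of legitimate updaters run daily too.
    """
    task = parse_task(xml_text)
    findings = []
    if LURE_NAME.search(name):
        findings.append("task name impersonates a Windows security component")
    if TRAILING_ID.search(name):
        findings.append("task name ends in a random-looking numeric suffix")
    for cmd in task["commands"]:
        if USER_WRITABLE.search(cmd):
            findings.append(f"action runs from a user-writable directory: {cmd}")
    if file_bytes is not None:
        digest = hashlib.sha256(file_bytes).hexdigest()
        if digest in KNOWN_BAD_SHA256:
            findings.append(f"SHA-256 {digest} matches the known Zbot sample")
    return findings


# Constructed task definition modelled on the page's artifacts (drop path, name, daily
# trigger); the user name, start date and description wording are placeholders.
SUSPICIOUS_TASK_NAME = "Security Center Update - 2299052409"
SUSPICIOUS_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Description>Keeps your Security Center software up to date.</Description>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2014-10-08T16:00:00</StartBoundary>
      <Enabled>true</Enabled>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Users\alice\AppData\Roaming\usanbauf\odefi.exe</Command></Exec>
  </Actions>
</Task>"""

# Constructed benign control: a vendor updater installed under Program Files.
BENIGN_TASK_NAME = "Example Vendor Update Task"
BENIGN_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2014-10-08T09:00:00</StartBoundary>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Program Files\Example Vendor\updater.exe</Command></Exec>
  </Actions>
</Task>"""

if __name__ == "__main__":
    for task_name, xml in ((SUSPICIOUS_TASK_NAME, SUSPICIOUS_TASK_XML), (BENIGN_TASK_NAME, BENIGN_TASK_XML)):
        print(task_name, "->", assess_task(task_name, xml) or ["no findings"])
```

On a live host the XML comes from `schtasks /query /xml /tn "<task name>"` (or the task files under %SystemRoot%\System32\Tasks), and the hash check is what ties a hit to this specific sample; the name and path heuristics are what catch the next repack, whose hash nobody has published yet.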


The executing file has been seen to make the following network communications in live environments. Most of these hosts belong to shared CDN and advertising infrastructure (CloudFront, CacheFly, Google's 1e100.net, AOL, Yahoo), so on their own they are weak indicators and should not be treated as the command-and-control address; the file hashes, the drop path and the scheduled-task name above are the more reliable artifacts.

TCP (HTTP SSL):
Connects to vip1.g.cachefly.net  (205.234.175.175:443)

TCP (HTTP):
Connects to utsapi-adcom-mtc.evip.aol.com  (64.12.68.22:80)

TCP (HTTP):
Connects to thecelebritycafe.net  (66.135.63.250:80)

TCP (HTTP):
Connects to static.83.112.40.188.clients.your-server.de  (188.40.112.83:80)

TCP (HTTP):
Connects to sl-m-redir-adcom-mtc.evip.aol.com  (64.12.68.38:80)

TCP (HTTP):
Connects to server-54-230-39-97.jfk1.r.cloudfront.net  (54.230.39.97:80)

TCP (HTTP):
Connects to server-54-230-39-185.jfk1.r.cloudfront.net  (54.230.39.185:80)

TCP (HTTP):
Connects to server-54-230-38-198.jfk1.r.cloudfront.net  (54.230.38.198:80)

TCP (HTTP):
Connects to server-54-230-38-136.jfk1.r.cloudfront.net  (54.230.38.136:80)

TCP (HTTP):
Connects to server-54-230-36-23.jfk1.r.cloudfront.net  (54.230.36.23:80)

TCP (HTTP):
Connects to server-54-192-39-110.jfk1.r.cloudfront.net  (54.192.39.110:80)

TCP (HTTP):
Connects to server-54-192-38-66.jfk1.r.cloudfront.net  (54.192.38.66:80)

TCP (HTTP):
Connects to s3-1.amazonaws.com  (54.231.8.16:80)

TCP (HTTP):
Connects to qh-in-f155.1e100.net  (74.125.22.155:80)

TCP (HTTP):
Connects to qa-in-f95.1e100.net  (173.194.68.95:80)

TCP (HTTP):
Connects to ny1-g015.intellitxt.com  (199.16.172.25:80)

TCP (HTTP):
Connects to ny1-g014.intellitxt.com  (199.16.172.22:80)

TCP (HTTP):
Connects to mpr1.ngd.vip.bf1.yahoo.com  (98.139.225.42:80)

TCP (HTTP):
Connects to map2.hwcdn.net  (205.185.216.10:80)

TCP (HTTP SSL):
Connects to iad23s26-in-f8.1e100.net  (173.194.121.40:443)
