oforxuxyu.exe

Musrunafa Visatl Studio 2010

Musrunafa Corporatien

The executable oforxuxyu.exe, “Musrunafa Visatl Studie 2010”, has been detected as malware by 27 anti-virus scanners. It persists as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Musrunafa Corporatien

Product:
Musrunafa® Visatl Studio® 2010

Description:
Musrunafa Visatl Studie 2010

Version:
1.7.42074.512 built by: SP1Rel

MD5:
531ad47438c5c95c9e0e41b4b72e6ccc

SHA-1:
167277814e91370e1bfc8c61311d8df89bfa02ef

SHA-256:
bdc73d739e8f8ad49046b910a99cc3aa38fb16d8509348b0c3e970cb4513441c

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/25/2024 3:22:16 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.463856 | 857
AhnLab V3 Security | Trojan/Win32.Necurs | 2014.10.01
Avira AntiVirus | TR/ZbotCitadelTargeted.A.2 | 7.11.175.180
avast! | Win32:Malware-gen | 140929-0
AVG | SHeur4 | 2015.0.3335
Baidu Antivirus | Trojan.Win32.Yakes | 4.0.3.14102
Bitdefender | Gen:Variant.Kazy.463856 | 1.0.20.1365
Bkav FE | HW32.Paked | 1.3.0.4959
Dr.Web | Trojan.Packed | 9.0.1.0273
Emsisoft Anti-Malware | Gen:Variant.Kazy.463856 | 8.14.09.30.07
ESET NOD32 | Win32/Kryptik.CMIA (variant) | 8.10490
Fortinet FortiGate | W32/Yakes.CMIA!tr | 10/2/2014
F-Secure | Gen:Variant.Kazy.463856 | 11.2014-30-09_3
G Data | Gen:Variant.Kazy.463856 | 14.9.24
K7 AntiVirus | Trojan | 13.183.13535
Kaspersky | Trojan.Win32.Yakes | 15.0.0.494
Malwarebytes | Spyware.Zbot.MSXGen | v2014.09.30.07
McAfee | Artemis!B2D7B35B3A67 | 5600.6989
Microsoft Security Essentials | PWS:Win32/Zbot | 1.11005
MicroWorld eScan | Gen:Variant.Kazy.463856 | 15.0.0.819
nProtect | Trojan.GenericKD.1889320 | 14.09.30.01
Panda Antivirus | Trj/Chgt.I | 14.10.02.02
Reason Heuristics | Threat.Win.Reputation.IMP | 14.10.2.14
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14928
Sophos | Mal/EncPk-AFC | 4.98
Trend Micro House Call | TROJ_FORUCON.BMC | 7.2.275
Trend Micro | TROJ_FORUCON.BMC | 10.465.02

File size:
274.7 KB (281,262 bytes)

Product version:
1.7.42074.512

Copyright:
© Musrunafa Corporatien. All rights reserved.

Original file name:
diminr.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\syswow64\oforxuxyu.exe

File PE Metadata
Compilation timestamp:
10/31/2012 2:02:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:owTnUOg8i8o+MLMTQC6jvm1TWfYGIqp1uE9IsnFohOUI2DW:jTnUOw+MLM3xNYrqsFohOoDW

Entry address:
0x7308

Entry point:
55, 8B, EC, 81, EC, 98, 01, 00, 00, EB, 35, B8, D4, 00, 00, 00, 83, C0, B0, 89, 95, 10, FF, FF, FF, 89, B5, A4, FE, FF, FF, EB, 1F, 81, C3, 00, 04, 46, 44, 3B, 1D, 60, B0, 40, 00, 74, 11, BF, 3C, 00, 00, 00, 89, 9D, B0, FE, FF, FF, 89, BD, B0, FE, FF, FF, 53, 81, F3, 00, 00, 29, F0, EB, 06, 89, 9D, 64, FF, FF, FF, 56, B8, 80, 00, 00, 00, 89, 85, F0, FE, FF, FF, 57, 83, C0, DA, EB, 09, 83, C3, 2C, 89, 9D, BC, FE, FF, FF, 83, EB, FC, 8B, 85, F0, FE, FF, FF, 89, 9D, F0, FE, FF, FF, EB, 5E, 8B, 0D, 08, B0, 40...

Entropy:
7.9324

Developed / compiled with:
Microsoft Visual C++

Code size:
33.5 KB (34,304 bytes)

Scheduled Task
Task name:
Security Center Update - 1583488766

Trigger:
Daily (Runs daily at 6:00 PM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin
