okysco.exe

Maskaseft Visual Studio 2010

Maskaseft Corporation

The executable okysco.exe, whose file description reads “Maskaseft Visual Studie 2010”, has been detected as malware by 39 of 68 anti-virus scanners. Its version resource imitates Microsoft Visual Studio 2010 with a misspelled publisher, product and description, and it persists as a Windows Task Scheduler task named “Security Center Update - 544058986” that runs daily at 17:00 from the user's roaming AppData folder. According to the detections, it is a variant of Zbot (Zeus), a trojan that steals confidential information (online credentials and banking details) from the compromised computer and sends it to its operators via a command-and-control server.
Publisher:
Maskaseft Corporation

Product:
Maskaseft® Visual Studio® 2010

Description:
Maskaseft Visual Studie 2010

Version:
1.9.43074.5121 built by: SP1Rel

MD5:
fb7d0d58dadad2274638e2a615c441b5

SHA-1:
21ce2442b1a27d39cdecdfe5f9d6d1d42dffc86c

SHA-256:
a07563cb64e73b1e9d657a79c98d9f4ecbddbfda656b914f5216ff406d21fec5

Scanner detections:
39 / 68

Status:
Malware

Analysis date:
4/19/2024 1:53:49 AM UTC

Scan engine                    Detection                         Engine version
Lavasoft Ad-Aware              Gen:Variant.Symmi.46429           6204532
Agnitum Outpost                TrojanSpy.Zbot                    7.1.1
AhnLab V3 Security             Trojan/Win32.Zbot                 2014.12.20
Avira AntiVirus                TR/Crypt.ZPACK.91692              7.11.196.234
avast!                         Win32:Malware-gen                 141214-1
AVG                            SHeur4                            2015.0.3255
Bitdefender                    Gen:Variant.Symmi.46429           1.0.20.1770
Bkav FE                        HW32.Packed                       1.3.0.6267
Clam AntiVirus                 Win.Trojan.Agent-756061           0.98/19813
Comodo Security                TrojWare.Win32.Kryptik.CHPD       20423
Dr.Web                         Trojan.Siggen6.22973              9.0.1.05190
Emsisoft Anti-Malware          Gen:Variant.Symmi.46429           9.0.0.4668
ESET NOD32                     Win32/Kryptik.CHVM trojan         7.0.302.0
Fortinet FortiGate             W32/Zbot.CHVM!tr                  12/20/2014
F-Prot                         W32/A-3c284875                    v6.4.7.1.166
F-Secure                       Gen:Variant.Symmi.46429           5.13.68
G Data                         Gen:Variant.Symmi.46429           14.12.24
IKARUS anti.virus              Trojan.Win32.Kryptik              t3scan.1.8.5.0
K7 AntiVirus                   Trojan                            13.188.14395
Kaspersky                      Trojan-Spy.Win32.Zbot             15.0.0.543
Malwarebytes                   Trojan.Zbot.gen                   v2014.12.20.10
McAfee                         Trojan.PWSZbot-FAAV!FB7D0D58DADA  16.8.708.2
Microsoft Security Essentials  Threat.Undefined                  1.191.419.0
MicroWorld eScan               Gen:Variant.Symmi.46429           15.0.0.1062
NANO AntiVirus                 Trojan.Win32.Zbot.ddhlkg          0.28.6.64267
Norman                         Gen:Variant.Symmi.46429           04.12.2014 14:30:06
Panda Antivirus                Trj/Genetic.gen                   14.12.20.10
Qihoo 360 Security             Malware.QVM20.Gen                 1.0.0.1015
Quick Heal                     FraudTool.Security                12.14.14.00
Reason Heuristics              Threat.Win.Reputation.IMP         14.12.21.23
Rising Antivirus               PE:Malware.XPACK-LNR/Heur!1.5594  23.00.65.141218
Sophos                         Virus 'Troj/Zbot-HGR'             5.09
SUPERAntiSpyware               Trojan.Agent/Gen-FalComp          10166
Total Defense                  Win32/Tnega.LTVRPJD               37.0.11339
Trend Micro House Call         TSPY_ZBOT.SMLAK                   7.2.354
Trend Micro                    TSPY_ZBOT.SMLAK                   10.465.20
Vba32 AntiVirus                TrojanSpy.Zbot                    3.12.26.3
VIPRE Antivirus                Threat.4150696                    35418
Zillya! Antivirus              Trojan.Zbot.Win32.162732          2.0.0.2011

File size:
295.7 KB (302,763 bytes)

Product version:
1.9.43074.5121

Copyright:
© Maskaseft Corporation. All rights reserved.

Original file name:
devonv.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\irusito\okysco.exe

File PE Metadata
Compilation timestamp:
9/10/2012 4:28:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:T1R/41CbLJ5gR0GK2B0qbApOxwuQ2MYgd9PijWm/5XONE+AwAu8EwD8Qi9Sfi+YQ:xi1CnTE0GqhpIwuQ2MYOPijZxmXAutwP

Entry address:
0xC980

Entry point:
55, 8B, EC, 81, EC, 88, 01, 00, 00, EB, 25, 83, FE, 60, 74, 20, 83, C9, BA, EB, 1B, 33, F2, 3B, 1D, 78, CA, 42, 00, 74, 11, 83, EE, 29, 8B, D0, 89, 95, 50, FF, FF, FF, 89, B5, 50, FF, FF, FF, 53, 3B, B5, 0C, FF, FF, FF, 75, 0D, 83, FE, 90, 74, 08, 2B, D6, 89, 95, FC, FE, FF, FF, 56, 83, FE, 9C, 74, 0B, B8, 67, 00, 00, 00, 89, 85, 60, FF, FF, FF, 57, 83, FA, 20, 75, 25, 81, C2, 00, 14, 10, C6, 8B, 0D, 78, CA, 42, 00, EB, 17, 83, E8, EE, 89, 5D, C8, 3B, C6, 74, 0D, EB, 0B, 83, EF, C9, EB, 06, 83, E0, AC, 89...

Developed / compiled with:
Microsoft Visual C++

Code size:
136.5 KB (139,776 bytes)

Scheduled Task
Task name:
Security Center Update - 544058986

Trigger:
Daily (Runs daily at 17:00)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin
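To hunt for this persistence mechanism across many hosts, an analyst usually exports the task list and triages it offline rather than inspecting each machine by hand. The Python below is an added example, not code from this report or from Reason Core Security: it parses an export in the shape that schtasks /query /fo CSV /v produces (the column names are assumed to match that tool's header), flags tasks whose action runs from a user-writable profile directory or whose root-level name mimics a Windows component with a random numeric suffix, and offers a hash check against the MD5 and SHA-256 listed above. The host name, user name and task rows are constructed for the demonstration.

```python
"""Triage a scheduled-task export for persistence of the kind shown above.

Added example, not part of the original report.  Column names follow the
header that `schtasks /query /fo CSV /v` emits (an assumption about that
tool's output); the host, user and task rows below are constructed.
"""
import csv
import hashlib
import io
import re

# File hashes copied from the report; everything else in this block is constructed.
KNOWN_MD5 = {"fb7d0d58dadad2274638e2a615c441b5"}
KNOWN_SHA256 = {"a07563cb64e73b1e9d657a79c98d9f4ecbddbfda656b914f5216ff406d21fec5"}

# Profile locations a scheduled service binary almost never legitimately runs from.
USER_WRITABLE = re.compile(r"\\(appdata|local settings|temp|downloads)\\", re.I)
# A root-level task whose name borrows a Windows component and ends in a
# random numeric suffix, e.g. "Security Center Update - 544058986".
MIMIC_NAME = re.compile(
    r"^\\?[^\\]*(security center|windows|update|defender)[^\\]* - \d{6,}$", re.I)

# Constructed sample: one genuine Microsoft task, the Zbot task from the
# report (with a made-up host and user name), and a third-party updater.
SAMPLE_CSV = r'''"HostName","TaskName","Task To Run","Schedule Type","Start Time","Comment","Run As User"
"WS01","\Microsoft\Windows\WindowsUpdate\Scheduled Start","%windir%\system32\sc.exe start wuauserv","Multiple schedule types","N/A","Starts Windows Update.","SYSTEM"
"WS01","\Security Center Update - 544058986","C:\Users\alice\AppData\Roaming\irusito\okysco.exe","Daily","17:00:00","Keeps your Security Center software up to date.","WS01\alice"
"WS01","\Adobe Acrobat Update Task","""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe""","Daily","12:00:00","Adobe updater.","WS01\alice"
'''


def command_path(task_to_run: str) -> str:
    """Return the executable part of a 'Task To Run' cell.

    A quoted path may contain spaces; an unquoted one is taken up to the first
    space, because the column appends the task's arguments after the program.
    """
    cell = task_to_run.strip()
    if cell.startswith('"'):
        close = cell.find('"', 1)
        return cell[1:close] if close > 0 else cell[1:]
    return cell.split(" ", 1)[0]


def triage(csv_text: str) -> list:
    """Flag tasks whose action runs from a user-writable directory or whose
    root-level name mimics a Windows component.  Each finding lists its reasons."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get("TaskName", "")
        if name == "TaskName":          # schtasks repeats the header per host
            continue
        path = command_path(row.get("Task To Run", ""))
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("action runs from a user-writable profile directory")
        if name.count("\\") <= 1 and MIMIC_NAME.match(name):
            reasons.append("root-level task name mimics a Windows component "
                           "with a numeric suffix")
        if reasons:
            findings.append({"task": name, "path": path, "reasons": reasons})
    return findings


def matches_known_hash(data: bytes) -> bool:
    """True if the bytes hash to the MD5 or SHA-256 recorded in the report;
    run this on the binary that each flagged task points at."""
    return (hashlib.md5(data).hexdigest() in KNOWN_MD5
            or hashlib.sha256(data).hexdigest() in KNOWN_SHA256)


if __name__ == "__main__":
    for finding in triage(SAMPLE_CSV):
        print(finding["task"], "->", finding["path"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

The two indicators are deliberately independent: the directory check catches the dropped binary whatever the task is called, and the name check catches a renamed copy scheduled from elsewhere. In the constructed sample the Microsoft task and the third-party updater pass both checks, so the pass yields a single finding, the okysco.exe task with both reasons attached; the hash check is then the confirmation step on the file it points to.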


Remove okysco.exe - Powered by Reason Core Security