home

ping.exe

FileProperties_ProductName

FileProperties_CompanyName

The executable ping.exe, “FileProperties_FileDescription” has been detected as malware by 39 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
FileProperties_CompanyName

Product:
FileProperties_ProductName

Description:
FileProperties_FileDescription

Version:
1000.1000.1000.1000

MD5:
4e5c01020ee75b75398744af2dc4d8b4

SHA-1:
7f9a5e6a1ddbd36644c5c8104ecd8c388b9174ab

SHA-256:
5979d79dd54496aaf331db1fe42f16157e4bd7078352be7db185bf353e3b9934

Scanner detections:
39 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/27/2024 2:12:43 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Ramnit.N
1023

Agnitum Outpost
Win32.Nimnul.Gen.2
7.1.1

AhnLab V3 Security
Win32/Ramnit.N
14.07.07

Avira AntiVirus
W32/Ramnit.C
7.11.144.32

avast!
Win32:RmnDrp
2014.9-140417

AVG
Win32/Zbot.G
2015.0.3501

Baidu Antivirus
Virus.Win32.Nimnul.$a
4.0.3.14417

Bitdefender
Win32.Ramnit.N
1.0.20.535

Bkav FE
W32.Tmgrtext.PE
1.3.0.4959

Clam AntiVirus
W32.Ramnit-1
0.98/18355

Comodo Security
Virus.Win32.Ramnit.K
18123

Dr.Web
Win32.Rmnet.8
9.0.1.0107

Emsisoft Anti-Malware
Win32.Ramnit.N
8.14.04.17.11

ESET NOD32
Win32/Ramnit
8.9692

Fortinet FortiGate
W32/Ramnit.C
4/17/2014

F-Prot
W32/Ramnit.E
v6.4.7.1.166

F-Secure
Win32.Ramnit.N
11.2014-17-04_5

G Data
Win32.Ramnit
14.4.24

IKARUS anti.virus
Virus.Win32.Ramnit
t3scan.1.6.1.0

K7 AntiVirus
Virus
13.176.11784

Kaspersky
Virus.Win32.Nimnul
14.0.0.4000

Malwarebytes
Virus.Ramnit
v2014.04.17.11

McAfee
W32/Ramnit.a
5600.7157

Microsoft Security Essentials
Virus:Win32/Ramnit.M
1.10502

MicroWorld eScan
Win32.Ramnit.N
15.0.0.321

NANO AntiVirus
Virus.Win32.Nimnul.bmnup
0.28.0.59288

Norman
Ramnit.Y
11.20140417

nProtect
Virus/W32.SpyEye
14.04.17.03

Panda Antivirus
W32/Nimnul.A
14.04.17.11

Qihoo 360 Security
Virus.Win32.Ramnit.A
1.0.0.1015

Quick Heal
W32.Ramnit.BA
4.14.12.00

Rising Antivirus
PE:Win32.Mgr.b!1594784
23.00.65.14415

Sophos
W32/Ramnit-A
4.98

Total Defense
Win32/Ramnit.C
37.0.10884

Trend Micro House Call
PE_RAMNIT.DEN
7.2.107

Trend Micro
PE_RAMNIT.DEN
10.465.17

Vba32 AntiVirus
Virus.Win32.Nimnul.b
3.12.26.0

VIPRE Antivirus
Virus.Win32.Ramnit.b
28344

ViRobot
Win32.Nimnul.A
2011.4.7.4223

File size:
317.8 KB (325,467 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
FileProperties_OriginalFilename.dll

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\ping.exe

File PE Metadata
Compilation timestamp:
1/15/2013 7:01:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:2e9iykqZvlt4k8Jkn+Aei7MxvMIdnmMq3vIAcI1:b9gqFlyNcJei7MxlIwAf

Entry address:
0x37000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, DD, B9, 01, 20, 2B, 85, 44, C1, 01, 20, 89, 85, 40, C1, 01, 20, B0, 00, 86, 85, 75, C3, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 70, C2, 01, 20, 00, 74, 33, 83, BD, 74, C2, 01, 20, 00, 74, 2A, 8B, 85, 40, C1, 01, 20, 2B, 85, 70, C2, 01, 20, 8B, 00, 89, 85, AD, C2, 01, 20, 8B, 85, 40, C1, 01, 20, 2B, 85, 74, C2, 01, 20, 8B, 00, 89, 85, B1, C2, 01, 20, EB, 61, 83, BD, 78, C2, 01, 20, 00, 74, 58, 8B, 85, 40, C1, 01, 20, 2B, 85, 78, C2, 01, 20, FF, 30, 8D, 85...
 
[+]

Entropy:
7.2358

Packer / compiler:
ASPack v1.08.04

Code size:
158 KB (161,792 bytes)

Remove ping.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.