piykcau.exe

The executable piykcau.exe has been detected as malware by 30 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
f231ef93f3f95af2014d74f682e5e882

SHA-1:
2299023f685123a0f3414c9ed93ad5d3d4de1671

SHA-256:
996a5c164e97f060d6f3f82413d45ea5276dbed2481dbb175d8b84f33a08908c

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/18/2024 5:40:18 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1812082 | 887
Agnitum Outpost | Trojan.Blocker | 7.1.1
AhnLab V3 Security | Trojan/Win32.Necurs | 2014.08.21
Avira AntiVirus | TR/Rogue.368640.15 | 7.11.168.126
avast! | Win32:Malware-gen | 140813-1
AVG | Zbot | 2015.0.3365
Bitdefender | Trojan.GenericKD.1812082 | 1.0.20.1215
Dr.Web | Trojan.KillProc.32475 | 9.0.1.0243
Emsisoft Anti-Malware | Trojan.GenericKD.1812082 | 8.14.08.31.02
ESET NOD32 | Win32/Spy.Zbot.ABA | 8.10275
Fortinet FortiGate | W32/Blocker.ABA!tr | 8/31/2014
F-Secure | Trojan.GenericKD.1812082 | 11.2014-31-08_1
G Data | Trojan.GenericKD.1812082 | 14.8.24
IKARUS anti.virus | Trojan.Win32.Spy | t3scan.1.7.5.0
K7 AntiVirus | Riskware | 13.183.13125
Kaspersky | Trojan-Ransom.Win32.Blocker | 14.0.0.3322
Malwarebytes | Spyware.Password | v2014.08.31.02
McAfee | RDN/Generic PWS.y!b2s | 5600.7021
Microsoft Security Essentials | PWS:Win32/Zbot | 1.10903
MicroWorld eScan | Trojan.GenericKD.1812082 | 15.0.0.729
NANO AntiVirus | Trojan.Win32.Blocker.ddyizn | 0.28.2.61721
nProtect | Trojan.GenericKD.1812082 | 14.08.21.01
Panda Antivirus | Trj/Chgt.D | 14.08.31.02
Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 14.8.31.14
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14816
Sophos | Troj/Zbot-IUD | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Zbot | 10388
Trend Micro House Call | TROJ_GEN.R0CBB01HK14 | 7.2.243
VIPRE Antivirus | Trojan.Win32.Generic | 32412

File size:
360 KB (368,640 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\viopmiu\piykcau.exe

File PE Metadata
Compilation timestamp:
8/18/2014 10:41:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:6QY5HwTG1DMbjziVSVTz9fj4CgURV4KQcXCz/lzb/7Gxzcfswg0:lTG1DBSPjVicS5zb/79+

Entry address:
0x656B

Entry point:
E8, 7D, 44, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, AC, E6, 43, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 3C, E1, 43, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, A0, 77, 45, 00, 89, 0D, 9C, 77, 45, 00, 89, 15, 98, 77, 45, 00, 89, 1D, 94, 77, 45, 00, 89, 35, 90, 77, 45, 00, 89, 3D...

Entropy:
7.5798

Code size:
242 KB (247,808 bytes)

Scheduled Task
Task name:
Security Center Update - 2941043376

Trigger:
Daily (Runs daily at 4:00 PM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-38-215.jfk1.r.cloudfront.net  (54.230.38.215:80)

TCP (HTTP):
Connects to server-205-251-251-104.jfk5.r.cloudfront.net  (205.251.251.104:80)

TCP (HTTP):
Connects to reserved-99.euroclick.com  (193.149.47.99:80)

TCP (HTTP):
Connects to ox-173-241-242-12.xv.dc.openx.org  (173.241.242.12:80)

TCP (HTTP):
Connects to mc.yandex.ru  (87.250.250.119:80)

TCP (HTTP):
Connects to lga15s43-in-f26.1e100.net  (74.125.226.58:80)

TCP (HTTP):
Connects to lga15s43-in-f13.1e100.net  (74.125.226.45:80)

TCP (HTTP):
Connects to lga15s35-in-f28.1e100.net  (173.194.43.60:80)

TCP (HTTP):
Connects to lga15s35-in-f13.1e100.net  (173.194.43.45:80)

TCP (HTTP):
Connects to ip188.67-202-66.static.steadfastdns.net  (67.202.66.188:80)

TCP (HTTP):
Connects to float.1963.bm-impbus.prod.nym2.adnexus.net  (68.67.152.89:80)

TCP (HTTP):
Connects to float.1960.bm-impbus.prod.nym2.adnexus.net  (68.67.153.82:80)

TCP (HTTP):
Connects to float.1938.bm-impbus.prod.nym2.adnexus.net  (68.67.153.56:80)

TCP (HTTP):
Connects to float.1937.bm-impbus.prod.nym2.adnexus.net  (68.67.153.66:80)

TCP (HTTP):
Connects to float.1387.bm-impbus.prod.nym2.adnexus.net  (68.67.152.83:80)

TCP (HTTP):
Connects to float.1376.bm-impbus.prod.nym2.adnexus.net  (68.67.152.72:80)

TCP (HTTP):
Connects to float.1251.bm-impbus.prod.nym2.adnexus.net  (68.67.152.116:80)

TCP (HTTP):
Connects to float.1242.bm-impbus.prod.nym2.adnexus.net  (68.67.152.107:80)

TCP (HTTP):
Connects to ec2-54-243-77-3.compute-1.amazonaws.com  (54.243.77.3:80)

TCP (HTTP):
Connects to ec2-54-243-208-111.compute-1.amazonaws.com  (54.243.208.111:80)
