reygok.exe

PowerCmd: Command Prompt Window

PowerCmd Software

The executable reygok.exe has been detected as malware by 37 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
PowerCmd Software

Product:
PowerCmd: Command Prompt Window

Version:
2.1.6.2

MD5:
5a2e234508b6f2dacd2fa4fba00f74c8

SHA-1:
dc13aecdc43acfa3790d0b65bc58a2e7b932d1ef

SHA-256:
54e178785a46ab0deafc6dae385f34856131bcc32d4af3ab62f812650739dfa3

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
4/16/2024 5:10:43 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1814599 | 885
Agnitum Outpost | Trojan.Blocker | 7.1.1
AhnLab V3 Security | Trojan/Win32.Zbot | 2014.08.26
Avira AntiVirus | TR/Crypt.ZPACK.81375 | 7.11.168.126
avast! | Win32:GenMalicious-NI [Trj] | 140813-1
AVG | Trojan horse Crypt3.AKUK | 2014.0.4015
Baidu Antivirus | Trojan.Win32.Kryptik | 4.0.3.1492
Bitdefender | Trojan.GenericKD.1814599 | 1.0.20.1225
Bkav FE | W32.GamarueAgentL.Trojan | 1.3.0.4959
Comodo Security | TrojWare.Win32.Blocker.FKS | 19401
Dr.Web | Trojan.PWS.Panda.7639 | 9.0.1.05190
Emsisoft Anti-Malware | Trojan.Ransom.AHF | 9.0.0.4324
ESET NOD32 | Win32/Spy.Zbot.ABA | 8.10292
Fortinet FortiGate | W32/Blocker.CJFR!tr | 9/2/2014
F-Prot | W32/A-3a5ed7eb | v6.4.7.1.166
F-Secure | Trojan.GenericKD.1814599 | 11.2014-02-09_3
G Data | Trojan.GenericKD.1814599 | 14.9.24
IKARUS anti.virus | Trojan-Ransom.Win32.Blocker | t3scan.1.7.5.0
K7 AntiVirus | Trojan | 13.183.13125
Kaspersky | Trojan-Ransom.Win32.Blocker | 15.0.0.494
Malwarebytes | Trojan.Ransom.BLK | v2014.09.02.04
McAfee | Artemis!F91A4BFB0932 | 5600.7019
Microsoft Security Essentials | Threat.Undefined | 1.183.1287.0
MicroWorld eScan | Trojan.GenericKD.1814599 | 15.0.0.735
NANO AntiVirus | Trojan.Win32.Blocker.debwjh | 0.28.2.61861
nProtect | Trojan.GenericKD.1814599 | 14.08.21.01
Panda Antivirus | Trj/Chgt.D | 14.09.02.04
Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.2.15
Rising Antivirus | PE:Trojan.Win32.Generic.172D6EF8!388853496 | 23.00.65.14831
Sophos | Mal/Generic-S | 4.98
SUPERAntiSpyware | Trojan.Agent/Ransom-Blocker | 10383
Total Defense | Win32/Zbot.dQDQEFB | 37.0.11158
Trend Micro House Call | Suspicious_GEN.F47V0820 | 7.2.245
Vba32 AntiVirus | Hoax.Blocker | 3.12.26.3
VIPRE Antivirus | Threat.5064040 | 32210
Zillya! Antivirus | Trojan.Blocker.Win32.21065 | 2.0.0.1901

File size:
449.5 KB (460,288 bytes)

Product version:
2.1.6.2

Copyright:
PowerCmd Software Copyright (C) 2013

Original file name:
Command Prompt Window

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\amyqvi\reygok.exe

File PE Metadata
Compilation timestamp:
8/20/2014 2:43:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:zN3tardhfJBYUPOLTEYbk+OWUZ1+kwJxpw4uKHnWV211k:zN383JBYUGvk+OW88bpwwx11k

Entry address:
0x7770

Entry point:
8B, FF, 55, 8B, EC, E8, 06, 8D, 00, 00, E8, 11, 00, 00, 00, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 6A, FE, 68, E8, 39, 05, 01, 68, E0, 7C, 00, 01, 64, A1, 00, 00, 00, 00, 50, 83, C4, 98, 53, 56, 57, A1, D0, 60, 05, 01, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, 90, 00, 00, 00, 00, 8D, 45, A0, 50, FF, 15, AC, 91, 03, 01, 83, 3D, E8, 41, 07, 01, 00, 75, 0E, 6A, 00, 6A, 00, 6A, 01, 6A, 00, FF, 15, A8, 91, 03, 01, E8, 8E, 01...

Entropy:
7.4978

Code size:
221.5 KB (226,816 bytes)

Scheduled Task
Task name:
Security Center Update - 1296861987

Trigger:
Daily (Runs daily at 1:00 PM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin


Remove reygok.exe - Powered by Reason Core Security