roibke.exe

Microsoft Visual Studio 2010

While the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The executable roibke.exe, "Microsoft Visual Studio 2010", has been detected as malware by 39 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Visual Studio® 2010

Description:
Microsoft Visual Studio 2010

Version:
0.9.43074.5121 built by: SP1Rel

MD5:
11f36b3fc2b43bfded35ddd23c9e20fd

SHA-1:
203ee317ef8582d6839b766b4d16e6f671a60527

SHA-256:
762ef2df03c032e9c15b7fe10065777b953a128870ff8e9c873bf1745da5443f

Scanner detections:
39 / 68

Status:
Malware

Analysis date:
4/25/2024 11:58:04 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Spy.Zbot.FLJ | 5805142
Agnitum Outpost | TrojanSpy.Zbot | 7.1.1
AhnLab V3 Security | Win-Trojan/Zbot.281326 | 2015.12.01
Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172
Arcabit | Trojan.Spy.Zbot.FLJ | 1.0.0.627
avast! | Win32:Crypt-RAV [Trj] | 151024-0
AVG | Crypt3 | 2016.0.2909
Bitdefender | Trojan.Spy.Zbot.FLJ | 1.0.20.1675
Bkav FE | HW32.Packed | 1.3.0.7383
Clam AntiVirus | Win.Trojan.Zbot-33780 | 0.98/21117
Comodo Security | TrojWare.Win32.Zbot.CGKA | 23688
Dr.Web | Trojan.Siggen6.15132 | 9.0.1.05190
Emsisoft Anti-Malware | Trojan.Spy.Zbot.FLJ | 10.0.0.5366
ESET NOD32 | Win32/Spy.Zbot.ABA trojan | 7.0.302.0
Fortinet FortiGate | W32/Kryptik.CGEJ!tr | 12/1/2015
F-Prot | W32/Zbot.SW.gen | v6.4.7.1.166
F-Secure | Trojan.Spy.Zbot.FLJ | 5.15.21
G Data | Trojan.Spy.Zbot.FLJ | 15.12.25
IKARUS anti.virus | Trojan-Spy.Zbot | t3scan.1.9.5.0
K7 AntiVirus | Spyware | 13.212.18012
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1039
Malwarebytes | Trojan.FakeMS | v2015.12.01.06
McAfee | Trojan.PWSZbot-FBTA!11F36B3FC2B4 | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.211.1398.0
MicroWorld eScan | Trojan.Spy.Zbot.FLJ | 16.0.0.1005
NANO AntiVirus | Trojan.Win32.Yakes.daxqdw | 0.30.26.4751
Norman | Trojan.Spy.Zbot.FLJ | 28.10.2015 12:55:53
nProtect | Trojan-Spy/W32.ZBot.281326 | 15.11.30.01
Panda Antivirus | Trj/Genetic.gen | 15.12.01.06
Qihoo 360 Security | QVM20.1.Malware.Gen | 1.0.0.1077
Quick Heal | FraudTool.Security | 12.15.14.00
Rising Antivirus | PE:Stealer.Zbot!6.2215 [F] | 23.00.65.151129
Sophos | Virus 'Troj/Agent-AHLD' | 5.15
SUPERAntiSpyware | Trojan.Agent/Gen-Zbot | 9474
Total Defense | Win32/Zbot.YWMEYa | 37.1.62.1
Trend Micro House Call | TROJ_MALMYST.SM | 7.2.335
Trend Micro | TROJ_MALMYST.SM | 10.465.01
VIPRE Antivirus | Threat.4150696 | 45468
Zillya! Antivirus | Trojan.Zbot.Win32.157507 | 2.0.0.2539

File size:
274.7 KB (281,326 bytes)

Product version:
0.9.43074.5121

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
devenv.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\apecgi\roibke.exe

File PE Metadata
Compilation timestamp:
1/21/2010 12:26:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:JBi+NiF5fi+GFs+RPA1xvmaYI8g1vIEcwmMPH8Xx2+xasBjhCaz/sHUyBtoOloCh:2i+R+RP4xvaILyJMPmmabuUyBSOlJUa

Entry address:
0xAEE0

Entry point:
55, 8B, EC, 81, EC, A0, 01, 00, 00, BA, 8C, 51, 90, 80, EB, 0A, 3B, F3, 74, 06, 89, BD, 68, FE, FF, FF, 53, BB, F3, 00, 00, 00, 89, 5D, D8, 56, 89, 9D, 78, FF, FF, FF, 57, 89, 5D, 98, 83, C3, FD, 8B, 85, 78, FF, FF, FF, 6A, A2, 6A, E5, E8, 7A, 1B, 00, 00, 83, C4, 08, 89, 45, D8, 89, 5D, D8, 6A, 11, 6A, 00, FF, 15, 40, 10, 40, 00, 83, C3, 84, 89, 5D, D8, 89, 45, A0, 2B, C3, EB, 08, 2B, CB, 89, 8D, 70, FE, FF, FF, 68, AD, 21, 39, 76, FF, 15, 0C, 10, 40, 00, 89, 45, 98, 68, EC, DC, 41, 00, FF, 15, 38, 10, 40...

Entropy:
7.8953

Developed / compiled with:
Microsoft Visual C++

Code size:
107 KB (109,568 bytes)

Scheduled Task
Task name:
Security Center Update - 1090341458

Trigger:
Daily (Runs daily at 12:00 AM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin
