soesmo.exe

Musrunafm Visatl Studio 2010

Musrunafm Corporatien

The executable soesmo.exe, “Musrunafm Visatl Studie 2010” (a typo-squatted imitation of the Microsoft Visual Studio version strings), has been detected as malware by 30 anti-virus scanners. It persists as a scheduled task under the Windows Task Scheduler, triggered daily at a fixed time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Musrunafm Corporatien

Product:
Musrunafm® Visatl Studio® 2010

Description:
Musrunafm Visatl Studie 2010

Version:
1.7.43074.5121 built by: SP1Rel

MD5:
76b73580910ab65177b4f1881987bf8a

SHA-1:
7c540af695d98b650ba03d2a05c52d136508dcbb

SHA-256:
8c42ab8bbd838027ac1688908f69c132fc05f7c46581bb37b9b1a1ba4a6e8d6f

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/25/2024 2:37:02 PM UTC (note that the engine versions listed below date from October 2014, so the detections themselves predate this displayed date)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.460284 | 856
Agnitum Outpost | TrojanSpy.Zbot | 7.1.1
AhnLab V3 Security | Trojan/Win32.Necurs | 2014.10.02
Avira AntiVirus | TR/Crypt.ZPACK.Gen2 | 7.11.176.28
avast! | Win32:Malware-gen | 140929-0
AVG | Trojan horse Zbot.OFL | 2014.0.4025
Bitdefender | Gen:Variant.Kazy.460284 | 1.0.20.1375
Bkav FE | HW32.Paked | 1.3.0.4959
Clam AntiVirus | Win.Trojan.Zbot-36766 | 0.98/19465
Dr.Web | Trojan.Siggen6.15132 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Kazy.460284 | 8.14.10.02.04
ESET NOD32 | Win32/Spy.Zbot.ABA | 8.10497
Fortinet FortiGate | W32/Kryptik.CJJK!tr | 10/2/2014
F-Prot | W32/A-fd1d4888 | v6.4.7.1.166
F-Secure | Gen:Variant.Kazy.460284 | 11.2014-02-10_5
G Data | Gen:Variant.Kazy.460284 | 14.10.24
K7 AntiVirus | Backdoor | 13.183.13550
Kaspersky | Trojan-Spy.Win32.Zbot | 15.0.0.494
Malwarebytes | Spyware.Zbot.MSXGen | v2014.10.02.04
McAfee | PWSZbot-FADD!76B73580910A | 5600.6990
Microsoft Security Essentials | Threat.Undefined | 1.185.1828.0
MicroWorld eScan | Gen:Variant.Kazy.460284 | 15.0.0.825
NANO AntiVirus | Trojan.Win32.ZPACK.dfjzbo | 0.28.2.62440
Panda Antivirus | Trj/Genetic.gen | 14.10.02.04
Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14930
Sophos | Troj/PWSZbot-AT | 4.98
Total Defense | Win32/Zbot.WRSUOD | 37.0.11209
VIPRE Antivirus | Threat.4150696 | 33120
Zillya! Antivirus | Trojan.ZBot.Win32.27 | 2.0.0.1940

File size:
274.6 KB (281,235 bytes)

Product version:
1.7.43074.5121

Copyright:
© Musrunafm Corporatien. All rights reserved.

Original file name:
daminr.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\botypion\soesmo.exe

File PE Metadata
Compilation timestamp:
7/12/2011 10:07:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:AtAn01Jj4A2Ueo//qCSFtVUcneH+R4/f/Y2TAsz1p:SAn01JMEV//qCIgYeBfTPzX

Entry address:
0xAFEC

Entry point:
55, 8B, EC, 81, EC, 48, 02, 00, 00, B9, 47, 00, 00, 00, 89, 8D, 40, FE, FF, FF, 53, 89, 8D, 04, FE, FF, FF, 56, 89, 8D, 04, FE, FF, FF, 57, B9, DD, 00, 00, 00, 89, 8D, 04, FE, FF, FF, 89, 8D, 04, FE, FF, FF, 8D, 85, A4, FE, FF, FF, 50, FF, 15, 28, 40, 41, 00, 83, F8, 2D, 74, 3F, BA, EE, 00, 00, 00, 83, CA, 75, 3B, 85, F0, FD, FF, FF, 74, 2F, 83, E0, 01, 8B, 95, 40, FE, FF, FF, 3B, 85, 54, FE, FF, FF, 74, 1E, 89, 95, 40, FE, FF, FF, 8B, 8D, 04, FE, FF, FF, 89, 85, 40, FE, FF, FF, 89, 85, 40, FE, FF, FF, 89...

Developed / compiled with:
Microsoft Visual C++

Code size:
72.5 KB (74,240 bytes)
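
The PE metadata above (entry RVA, entry-point bytes, linker version, compilation timestamp) can be re-derived from the file headers rather than trusted from a listing. The following is an added example, not code from the page or its publisher: it parses the COFF/PE32 headers and section table, maps the entry RVA to a file offset, checks the first entry bytes and the listed hashes and size, and reads back the linker version and compile time. Because the real sample is not available offline, it builds a constructed, non-executable PE32 stub whose entry point carries the listed prologue bytes; the stub's timestamp value and its UTC rendering are assumptions (the listing does not state the time zone of the compilation date). Hash and size checks therefore report no match on the stub, which is the expected result.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Values transcribed from the listing above (hashes, size, entry RVA, first entry bytes).
IOC = {
    "md5": "76b73580910ab65177b4f1881987bf8a",
    "sha1": "7c540af695d98b650ba03d2a05c52d136508dcbb",
    "sha256": "8c42ab8bbd838027ac1688908f69c132fc05f7c46581bb37b9b1a1ba4a6e8d6f",
    "size": 281235,
    "entry_rva": 0xAFEC,
    # 55 8B EC 81 EC 48 02 00 00 = push ebp; mov ebp, esp; sub esp, 0x248 (MSVC prologue)
    "entry_prefix": bytes.fromhex("558BEC81EC48020000"),
}

def parse_pe32(data):
    """Read the COFF header, PE32 optional header and section table.
    Returns (timestamp, linker_major, linker_minor, entry_rva, sections) where each
    section is (name, virtual_address, raw_size, raw_pointer)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 (32-bit) image")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, _vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, rsize, rptr))
    return ts, lmaj, lmin, entry_rva, sections

def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset via the section table."""
    for _name, va, rsize, rptr in sections:
        if va <= rva < va + rsize:
            return rptr + (rva - va)
    raise ValueError("RVA 0x%X is not backed by file data" % rva)

def check_sample(data):
    """Compare a file image against the listing: hashes, size, entry RVA and entry bytes,
    and report the linker version and compile time read from the headers."""
    digests = {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}
    ts, lmaj, lmin, entry_rva, sections = parse_pe32(data)
    off = rva_to_offset(entry_rva, sections)
    n = len(IOC["entry_prefix"])
    return {
        "hash_match": any(digests[k] == IOC[k] for k in digests),
        "size_match": len(data) == IOC["size"],
        "entry_rva_match": entry_rva == IOC["entry_rva"],
        "entry_bytes_match": data[off:off + n] == IOC["entry_prefix"],
        "linker": "%d.%d" % (lmaj, lmin),
        "compiled_utc": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
    }

def build_stub_pe32(entry_rva=0xAFEC, timestamp=1310508465):
    """Constructed stand-in for offline runs: a minimal, non-executable PE32 with one
    .text section whose entry point carries the listed prologue bytes. The timestamp is
    the Unix time whose UTC rendering equals the listed compilation date (assumption)."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                        # e_lfanew
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)  # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 10, 0)                 # PE32, linker 10.0
    struct.pack_into("<I", opt, 16, entry_rva)                     # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)                         # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)                             # subsystem: Windows GUI
    hdr += opt
    text_va, raw_ptr = 0x1000, 0x200
    raw_size = (entry_rva - text_va + len(IOC["entry_prefix"]) + 0x1FF) & ~0x1FF
    hdr += struct.pack("<8sIIIIIIHHI", b".text", raw_size, text_va, raw_size, raw_ptr,
                       0, 0, 0, 0, 0x60000020)
    image = bytearray(raw_ptr + raw_size)
    image[:len(hdr)] = hdr
    off = raw_ptr + (entry_rva - text_va)
    image[off:off + len(IOC["entry_prefix"])] = IOC["entry_prefix"]
    return bytes(image)

if __name__ == "__main__":
    for key, value in check_sample(build_stub_pe32()).items():
        print(f"{key}: {value}")
```

Against a real file, read it with `open(path, "rb").read()` and pass the bytes to `check_sample`; a hash match is conclusive, while matching entry bytes and linker version alone only indicate a similar MSVC build and should be read together with the scanner results.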

Scheduled Task
Task name:
Security Center Update - 1415500435

Trigger:
Daily (Runs daily at 11:00)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin
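
The persistence described at the top of the page and detailed in this Scheduled Task section (a task named "Security Center Update - <number>", a daily trigger, a Security Center-style description, and an executable under a subfolder of AppData\Roaming) can be checked against exported task definitions. The following is an added example, not code from the page or its publisher: it scores Task Scheduler XML documents against those indicators. The two task definitions embedded in it are constructed samples, the patterns generalise the numeric suffix and the "botypion" directory name as per-infection values (an assumption), and the reading of the numeric suffix as a Unix registration time is also an assumption that the listing does not confirm.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Indicators from the listing. The numeric suffix in the task name and the directory
# name under Roaming (botypion) are treated as per-infection values (assumption), so the
# patterns match their shape rather than the exact strings.
NAME_RE = re.compile(r"^Security Center Update - (\d{9,10})$")
DESC_RE = re.compile(r"keeps your security center software up to date", re.I)
ROAMING_EXE_RE = re.compile(r"\\AppData\\Roaming\\[^\\]+\\[^\\]+\.exe$", re.I)

def suffix_as_timestamp(task_name):
    """Interpret the numeric suffix as a Unix time. Assumption: 1415500435 decodes to
    2014-11-09T02:33:55Z, which looks like a registration time; the listing does not say."""
    m = NAME_RE.match(task_name)
    return datetime.fromtimestamp(int(m.group(1)), timezone.utc) if m else None

def triage_task(task_name, task_xml):
    """Score one exported Task Scheduler XML document against the indicators."""
    root = ET.fromstring(task_xml)
    score, reasons = 0, []
    if NAME_RE.match(task_name):
        score += 2
        reasons.append("name matches 'Security Center Update - <digits>'")
    desc = root.findtext("t:RegistrationInfo/t:Description", default="", namespaces=NS)
    if DESC_RE.search(desc):
        score += 2
        reasons.append("description imitates Windows Security Center")
    for cmd in root.iterfind("t:Actions/t:Exec/t:Command", NS):
        if ROAMING_EXE_RE.search(cmd.text or ""):
            score += 3
            reasons.append("runs an executable from a subfolder of AppData\\Roaming: " + cmd.text)
    if root.find("t:Triggers/t:CalendarTrigger/t:ScheduleByDay", NS) is not None:
        score += 1
        reasons.append("daily calendar trigger")
    return {"name": task_name, "score": score, "suspicious": score >= 3, "reasons": reasons}

# Constructed sample: shaped like the task in the listing (description shortened).
MALICIOUS_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Description>Keeps your Security Center software up to date.</Description>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2014-11-09T11:00:00</StartBoundary>
      <Enabled>true</Enabled>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Users\alice\AppData\Roaming\botypion\soesmo.exe</Command></Exec>
  </Actions>
</Task>"""

# Constructed sample: a benign daily task that should score low.
BENIGN_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Description>Runs the nightly Contoso backup job.</Description></RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2014-11-01T02:00:00</StartBoundary>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Program Files\Contoso Backup\backup.exe</Command></Exec>
  </Actions>
</Task>"""

def triage_all():
    """Run both constructed samples through the scorer."""
    return [triage_task("Security Center Update - 1415500435", MALICIOUS_TASK_XML),
            triage_task("Contoso Nightly Backup", BENIGN_TASK_XML)]

if __name__ == "__main__":
    for result in triage_all():
        print(result["name"], result["score"], result["suspicious"], result["reasons"])
    print(suffix_as_timestamp("Security Center Update - 1415500435"))
```

On a live host the XML for each task can be obtained with `Export-ScheduledTask -TaskName <name>` in PowerShell and fed to `triage_task` together with the task name; the executable path a task launches is the strongest of the four signals, which is why it carries the largest weight.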


The executing file has been seen to make the following network communication in live environments.

TCP (HTTPS):
Connects to mrs02s05-in-f15.1e100.net (173.194.35.111:443). Hosts under 1e100.net belong to Google, so this connection on its own does not identify the command-and-control server; the listing records no other destination.

Remove soesmo.exe - Powered by Reason Core Security