sysudoqail.exe

The executable sysudoqail.exe has been detected as malware by 32 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
c895583facb84fb403ac4206392bc497

SHA-1:
a73438dde5c829210bfd5baa29046672d55888c5

SHA-256:
f79259abdd285e9874185e3f7b7591d690fd12e424896b6538c5043e2a023c8c

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/26/2024 7:07:27 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.12041789 | 827
AhnLab V3 Security | Trojan/Win32.ZBot | 2014.10.31
Avira AntiVirus | TR/Crypt.ZPACK.Gen | 7.11.30.172
avast! | Win32:Dropper-gen [Drp] | 141025-0
AVG | Win32/Cryptor | 2014.0.4040
Baidu Antivirus | Trojan.Win32.Kryptik | 4.0.3.14112
Bitdefender | Trojan.Generic.12041789 | 1.0.20.1515
Bkav FE | HW32.Packed | 1.3.0.6185
Clam AntiVirus | Win.Trojan.Agent-807124 | 0.98/21411
Comodo Security | TrojWare.Win32.Kryptik.COAW | 19945
Dr.Web | Trojan.Siggen6.22973 | 9.0.1.05190
Emsisoft Anti-Malware | Trojan.Generic.12041789 | 8.14.10.30.07
ESET NOD32 | Win32/Kryptik.COTN (variant) | 8.10646
Fortinet FortiGate | W32/Kryptik.CJJL!tr | 10/30/2014
F-Secure | Trojan.Generic.12041789 | 11.2014-30-10_5
G Data | Trojan.Generic.12041789 | 14.10.24
IKARUS anti.virus | Trojan-Spy.Zbot | t3scan.1.8.3.0
K7 AntiVirus | Trojan | 13.185.13853
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3021
Malwarebytes | Trojan.FakeMS | v2014.10.30.07
McAfee | PWSZbot-FADO!C895583FACB8 | 5600.6961
Microsoft Security Essentials | PWS:Win32/Zbot | 1.11104
nProtect | Trojan.Generic.12041789 | 14.10.30.01
Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 14.11.2.7
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.141028
Sophos | Mal/Generic-S | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Kryptik | 10267
Trend Micro House Call | TROJ_FORUCON.BMC | 7.2.306
Trend Micro | TROJ_FORUCON.BMC | 10.465.02
VIPRE Antivirus | Trojan.Win32.Generic | 34378
ViRobot | Dropper.S.Agent.291496 | 2011.4.7.4223

File size:
284.7 KB (291,496 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\syswow64\sysudoqail.exe

File PE Metadata
Compilation timestamp:
7/19/2010 8:55:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:RIfb1g2r4Ha1mH0BSsE0mBTpBiNVFJb9AC5NqfU4Pw:RWRg2r51mH0BPSpMJJxA4Nclw

Entry address:
0xD6AC

Entry point:
55, 8B, EC, 81, EC, 58, 01, 00, 00, EB, 61, 03, C7, EB, 5D, 83, F3, 9B, B8, 42, 88, 68, 47, 68, 00, C5, B6, 37, 51, 68, 00, 61, 5E, 2F, 57, E8, 6B, 19, 00, 00, 83, C4, 10, EB, 3F, 81, C6, 00, 05, AA, 8D, 89, 95, A8, FE, FF, FF, F7, C6, D9, 00, 00, 00, 75, 2B, B8, A7, 00, 00, 00, 2B, F1, 89, 85, 3C, FF, FF, FF, 57, 6A, 8D, 6A, B1, 68, 00, 14, 32, 1B, 6A, 18, E8, F2, 19, 00, 00, 83, C4, 14, 56, 56, E8, 2A, 19, 00, 00, 83, C4, 08, 53, 8B, 15, 7C, 4A, 43, 00, 89, 95, 34, FF, FF, FF, 56, 89, 85, 34, FF, FF, FF...
 

Entropy:
7.8871

Developed / compiled with:
Microsoft Visual C++

Code size:
100 KB (102,400 bytes)
