temp.bin

WinHex

X-Ways Software Technology AG

The file temp.bin has been detected as malware by 36 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
X-Ways Software Technology AG

Product:
WinHex

Version:
15.8

MD5:
3a4f112d482aee585f7d60cd6a889792

SHA-1:
5f8e7e9fb5da6d3320e92dd3aeddaa70e3f55091

SHA-256:
1fe1daa260e5a3d9e5caad9618f3252c7f065abab517880e2f9bacfe5b7d0f9b

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/25/2024 7:22:58 AM UTC

Scan engine                      Detection                         Engine version
Lavasoft Ad-Aware                Trojan.GenericKDV.1120056         647
AegisLab AV Signature            Troj.W32.Gen                      2.1.4+
Agnitum Outpost                  Backdoor.Androm                   7.1.1
AhnLab V3 Security               Backdoor/Win32.Androm             2014.10.22
Avira AntiVirus                  TR/Agent.192512.13                7.11.180.138
avast!                           Win32:Injector-BGN [Trj]          2014.9-150428
AVG                              PSW.Generic11                     2016.0.3125
Baidu Antivirus                  Trojan.Win32.Agent                4.0.3.15428
Bitdefender                      Trojan.GenericKDV.1120056         1.0.20.590
Comodo Security                  TrojWare.Win32.Injector.ajof      19871
Dr.Web                           Trojan.Winlock.8854               9.0.1.0118
Emsisoft Anti-Malware            Trojan.GenericKDV.1120056         8.15.04.28.04
ESET NOD32                       Win32/Injector.AJTF (variant)     9.10601
Fortinet FortiGate               W32/Injector.AJDD!tr              4/28/2015
F-Secure                         Trojan.GenericKDV.1120056         11.2015-28-04_3
G Data                           Trojan.GenericKDV.1120056         15.4.24
IKARUS anti.virus                Trojan.Win32.Matsnu               t3scan.1.7.8.0
K7 AntiVirus                     Trojan                            13.184.13741
Kaspersky                        HEUR:Trojan.Win32.Generic         14.0.0.2122
Malwarebytes                     Trojan.Zbot.FV                    v2015.04.28.04
McAfee                           PWS-Zbot-FAXY!3A4F112D482A        5600.6781
Microsoft Security Essentials    Worm:Win32/Dorkbot.I              1.11104
MicroWorld eScan                 Trojan.GenericKDV.1120056         16.0.0.354
NANO AntiVirus                   Trojan.Win32.Winlock.ccgdbv       0.28.2.62841
Norman                           Gamarue.BBV                       11.20150428
nProtect                         Trojan/W32.Agent.189440.NB        14.10.21.01
Qihoo 360 Security               Win32/Backdoor.130                1.0.0.1015
Quick Heal                       Trojan.Lethic.B5                  4.15.14.00
Sophos                           Mal/EncPk-AKA                     4.98
SUPERAntiSpyware                 Trojan.Agent/Gen-Zbot             9908
Trend Micro House Call           WORM_DORKBOT.BCH                  7.2.118
Trend Micro                      WORM_DORKBOT.BCH                  10.465.28
Vba32 AntiVirus                  BScope.Malware-Cryptor.Oop        3.12.26.3
VIPRE Antivirus                  Trojan.Win32.Ransom.cmc           34140
ViRobot                          Worm.Win32.Ngrbot.189440          2011.4.7.4223
Zillya! Antivirus                Trojan.Injector.Win32.206300      2.0.0.1962

File size:
185 KB (189,440 bytes)

Product version:
15.8

Copyright:
© Stefan Fleischmann, X-Ways Software Technology AG 1995-2010

Original file name:
WINHEX.EXE

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\temp.bin

File PE Metadata
Compilation timestamp:
7/17/2013 1:54:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:3BnvLxgnmFAi7ECIKYtebns1ellQU1UF:3BnvemjgKTLYU+

Entry address:
0x19A0

Entry point:
E8, FA, 1E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 90, DF, 40, 00, 89, 0D, 8C, DF, 40, 00, 89, 15, 88, DF, 40, 00, 89, 1D, 84, DF, 40, 00, 89, 35, 80, DF, 40, 00, 89, 3D, 7C, DF, 40, 00, 66, 8C, 15, A8, DF, 40, 00, 66, 8C, 0D, 9C, DF, 40, 00, 66, 8C, 1D, 78, DF, 40, 00, 66, 8C, 05, 74, DF, 40, 00, 66, 8C, 25, 70, DF, 40, 00, 66, 8C, 2D, 6C, DF, 40, 00, 9C, 8F, 05, A0, DF, 40, 00, 8B, 45, 00, A3, 94, DF, 40, 00, 8B, 45, 04, A3, 98, DF, 40, 00, 8D, 45, 08, A3, A4, DF, 40...

Entropy:
6.0276

Code size:
30.5 KB (31,232 bytes)

Remove temp.bin - Powered by Reason Core Security