temp3227540644.exe

The executable temp3227540644.exe has been detected as malware by 17 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
8c08228c0733d17335281a028045c173

SHA-1:
8822e731b699f9bbdbdabbf6e3dd166e50c643c4

SHA-256:
a56e4158fe59cccb475956eefd85dc03c8e38b6c57bc706a14f1e1585cba28f9

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
4/23/2024 6:26:32 PM UTC

Scan engine              Detection                       Engine version
Lavasoft Ad-Aware        Trojan.GenericKD.2036865        775
avast!                   Win32:Malware-gen               2014.9-141221
Baidu Antivirus          Trojan.Win32.Kryptik            4.0.3.141221
Bitdefender              Trojan.GenericKD.2036865        1.0.20.1775
Bkav FE                  HW32.Packed                     1.3.0.6267
Emsisoft Anti-Malware    Trojan.Zbot.INN                 8.14.12.19.09
ESET NOD32               Win32/Injector.BRQA trojan      7.0.302.0
F-Secure                 Gen:Variant.Kazy.520210         5.13.68
G Data                   Trojan.GenericKD.2036865        14.12.24
Kaspersky                Backdoor.Win32.Hlux             15.0.0.543
Malwarebytes             Trojan.Agent                    v2014.12.19.09
MicroWorld eScan         Trojan.GenericKD.2036865        15.0.0.1065
Norman                   Trojan.GenericKD.2036865        11.20141221
nProtect                 Trojan.GenericKD.2036865        14.12.19.01
Panda Antivirus          Generic Suspicious              14.12.21.11
Qihoo 360 Security       Malware.QVM10.Gen               1.0.0.1015
Reason Heuristics        Threat.Win.Reputation.IMP       14.12.21.23

File size:
1.3 MB (1,406,464 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\temp3227540644.exe

File PE Metadata
Compilation timestamp:
12/16/2014 10:00:33 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:5HeDxR/DaLY49JoTOrAHZO413+xjLrDZXlIodZ+8aP:ADrarJoTzEfD52GZTw

Entry address:
0x16815B8

Entry point:
E8, 11, 32, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 28, F1, A7, 01, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 2C, F1, A7, 01, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 4E, 20, 00, 00, 85, C0, 75, 06, B8, 90, F2, A7, 01, C3, 83, C0, 08, C3, 8B, FF, 55, 8B, EC, 33, C0, 39, 45, 08, 6A, 00, 0F, 94, C0, 68, 00, 10, 00, 00, 50, FF, 15, 24, F0, A7, 01, A3, 8C, 8C, A8, 01, 85...

Code size:
44 KB (45,056 bytes)
