home

tewihy.exe

Ensiem Corporatu

The executable tewihy.exe, “Ensiem Visatl Studie 2020” has been detected as malware by 28 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Ensiem Corporatu

Description:
Ensiem Visatl Studie 2020

Version:
8.32.23219.51816

MD5:
56542862ef638791e17c9ff82be7473f

SHA-1:
248a5410c09292e530286b3af5e4e78fb328ee4f

SHA-256:
1f67b97bf3bde1549066f1bac3c61933e28cd0688e744e86160e166fe00cf45a

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/23/2024 9:31:36 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.12359539
6205011

AhnLab V3 Security
Trojan/Win32.Necurs
2014.12.20

Avira AntiVirus
TR/Crypt.ZPACK.Gen
7.11.30.172

avast!
Win32:Dropper-gen [Drp]
141214-1

AVG
Win32/Cryptor
2014.0.4235

Baidu Antivirus
Trojan.Win32.Kryptik
4.0.3.141221

Bitdefender
Trojan.Generic.12359539
1.0.20.1770

Comodo Security
UnclassifiedMalware
20415

Dr.Web
Trojan.PWS.Panda.7719
9.0.1.05190

Emsisoft Anti-Malware
Trojan.Generic.12359539
9.0.0.4668

ESET NOD32
Win32/Kryptik.CTHY trojan
7.0.302.0

Fortinet FortiGate
W32/Kryptik.CSQU!tr
12/20/2014

F-Secure
Trojan.Generic.12359539
5.13.68

G Data
Trojan.Generic.12359539
14.12.24

Kaspersky
Trojan-Spy.Win32.Zbot
15.0.0.543

Malwarebytes
Trojan.Zemot
v2014.12.20.08

McAfee
Trojan.MysticCompressor!56542862EF63
16.8.708.2

Microsoft Security Essentials
Threat.Undefined
1.191.419.0

MicroWorld eScan
Trojan.Generic.12359539
15.0.0.1062

Norman
Trojan.Generic.12359539
04.12.2014 14:30:06

nProtect
Trojan.Generic.12359539
14.12.19.01

Panda Antivirus
Trj/Genetic.gen
14.12.20.08

Qihoo 360 Security
Malware.QVM20.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.12.21.23

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_FORUCON.BME
7.2.355

Trend Micro
TROJ_FORUCON.BME
10.465.21

VIPRE Antivirus
Threat.4150696
35418

File size:
494.1 KB (505,924 bytes)

Product version:
8.32.23219.51816

Original file name:
baesh.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\quozug\tewihy.exe

File PE Metadata
Compilation timestamp:
2/12/2010 3:52:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:jag8wNRWn0ixPj/dnhACkV3/szZu2iekepwjBIce:jGBDdaVhUx

Entry address:
0x4A3C

Entry point:
55, 8B, EC, 81, EC, 20, 01, 00, 00, B9, 00, 00, 00, 00, 89, 4D, C4, 53, 8B, 45, C4, 89, 85, EC, FE, FF, FF, 56, 8B, 4D, C4, 33, C8, 89, 4D, C8, 57, 8B, C8, 3D, 20, 88, 00, 00, 74, 1F, 8B, B5, EC, FE, FF, FF, 83, C6, 2A, 3B, F0, 75, 12, 8B, 1D, 04, E0, 40, 00, 83, C1, E6, 89, 75, C8, 89, 5D, C4, 89, 4D, C4, 83, F1, AD, 89, 8D, 44, FF, FF, FF, 68, 04, E0, 40, 00, FF, 15, 04, 81, 40, 00, 3B, 05, A0, E0, 40, 00, 74, 05, 2B, DE, 89, 5D, 90, 89, 85, 04, FF, FF, FF, 3B, 05, 04, E0, 40, 00, 74, 5C, 35, 00, B4, 48...
 
[+]

Entropy:
6.5956

Developed / compiled with:
Microsoft Visual C++

Code size:
27.5 KB (28,160 bytes)

Scheduled Task
Task name:
Security Center Update - 3162103098

Trigger:
Daily (Runs daily at 3:00 PM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin


Remove tewihy.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.