tmp332b.exe

Durchtriebene7

VIRUSBLOKADA LTD.

The executable tmp332b.exe (description "Produktionsaufwandes6") has been detected as malware by 6 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
VIRUSBLOKADA LTD.  (signed and verified)

Product:
Durchtriebene7

Description:
Produktionsaufwandes6

Version:
3.00.0006

MD5:
c59eabcf57826cd2e6264d1902e0c2ea

SHA-1:
f9c9f0c777ba72df20b438689326fd91ef261cb4

SHA-256:
487f0c4a788140d99c2e6442bbee4572c22f0b2cccd6aa6ad700c36259de6a2d

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
5/7/2024 7:52:12 PM UTC

Scan engine           Detection               Engine version
AhnLab V3 Security    Trojan/Win32.ZBot       2014.11.20
Avira AntiVirus       TR/Boaxxe.A.384         7.11.187.176
avast!                Win32:Malware-gen       141119-1
Dr.Web                Trojan.Siggen6.23087    9.0.1.05190
Malwarebytes          Spyware.Zbot.ED         v2014.11.20.03
Quick Heal            TrojanPWS.Zbot.S3       11.14.14.00

File size:
157.4 KB (161,168 bytes)

Product version:
3.00.0006

Copyright:
Lesezeit

Trademarks:
Gaskreislaufsystem3

Original file name:
Kunz Münzmeisterhaus7.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\ProgramData\application data\microsoft\secure\icons\temp\tmp332b.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/29/2010 8:00:00 AM

Valid to:
1/31/2012 7:59:59 AM

Subject:
CN=VIRUSBLOKADA LTD., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=VIRUSBLOKADA LTD., L=Minsk, S=none, C=BY

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2BEF4F72149367BCC7775D0000909C1D

File PE Metadata
Compilation timestamp:
10/7/2014 6:26:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:oW+jEF2oQE9dUhL/5OYDG6yMzVl6ODrS/:oPjEkoQdr5OV6rD6cS/

Entry address:
0x109C


Entropy:
6.4202

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
124 KB (126,976 bytes)
