tmp83b1.exe

View

The application tmp83b1.exe has been detected as a potentially unwanted program by 34 anti-malware scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Product:
View

Version:
1, 0, 0, 1

MD5:
886036f879981d4f16962715ecd4b3a5

SHA-1:
9c6c429b6554d0c7393c3a9acc40fed561e4141a

SHA-256:
b0ef9d9d6ca5264b6593c5ea24b1667790a6d4792b04ed89480125ca79670466

Scanner detections:
34 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 2:32:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Downloader.JQRF | 856 |
| AegisLab AV Signature | Troj.Spy.W32.Zbot | 2.1.4+ |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Ransomlock | 2014.10.02 |
| Avira AntiVirus | TR/Crypt.Xpack.66017 | 7.11.176.28 |
| avast! | Win32:Zbot-TWP [Trj] | 140929-0 |
| AVG | Trojan horse Inject2.AENU | 2014.0.4025 |
| Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.14102 |
| Bitdefender | Trojan.Downloader.JQRF | 1.0.20.1375 |
| Dr.Web | Trojan.DownLoad3.32895 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.Downloader.JQRF | 14.10.02 |
| ESET NOD32 | Win32/Injector.BDPH trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/Injector.BDTV!tr | 10/2/2014 |
| F-Secure | Trojan.Downloader.JQRF | 11.2014-02-10_5 |
| G Data | Trojan.Downloader.JQRF | 14.10.24 |
| IKARUS anti.virus | Trojan.Inject2 | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13550 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 15.0.0.494 |
| Malwarebytes | Trojan.Zbot | v2014.10.02.04 |
| McAfee | Generic-FAUT!886036F87998 | 5600.6990 |
| Microsoft Security Essentials | Threat.Undefined | 1.185.1828.0 |
| MicroWorld eScan | Trojan.Downloader.JQRF | 15.0.0.825 |
| NANO AntiVirus | Trojan.Win32.Zbot.cxsixc | 0.28.2.62440 |
| nProtect | Trojan/W32.Inject.141836.B | 14.10.01.01 |
| Panda Antivirus | Trj/Zbot.M | 14.10.02.04 |
| Quick Heal | TrojanPWS.Zbot.AP4 | 10.14.14.00 |
| Rising Antivirus | PE:Trojan.Zemot!6.19D2 | 23.00.65.14930 |
| Sophos | Troj/Inject-AWY | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-RansomLock | 10325 |
| Trend Micro House Call | TROJ_ROVNIX.SMW | 7.2.275 |
| Trend Micro | TROJ_ROVNIX.SMW | 10.465.02 |
| Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 33520 |
| Zillya! Antivirus | Trojan.Zbot.Win32.156469 | 2.0.0.1940 |

File size:
138.5 KB (141,836 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 1996

Original file name:
View .EXE

File type:
Executable application (Win32 EXE)

Language:
French (Canada)

Common path:
C:\ProgramData\application data\microsoft\crypto\rsa64\temp\tmp83b1.exe

File PE Metadata
Compilation timestamp:
5/12/2014 4:02:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:e4dD/tLcO5IoLjQfmxVKdR3rfewzU83+CJ1073Gr39A/pKbRnJbwpeDO4AgtfuFk:nLjRomxVKbrfewzB3pQ73wvsEOzq/vFt

Entry address:
0xD41F

Entry point:
55, 8B, EC, 6A, FF, 68, E8, FE, 40, 00, 68, AC, D5, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 2C, E5, 40, 00, 59, 83, 0D, 5C, 27, 41, 00, FF, 83, 0D, 60, 27, 41, 00, FF, FF, 15, 28, E5, 40, 00, 8B, 0D, 50, 27, 41, 00, 89, 08, FF, 15, 8C, E5, 40, 00, 8B, 0D, 4C, 27, 41, 00, 89, 08, A1, 38, E5, 40, 00, 8B, 00, A3, 58, 27, 41, 00, E8, 46, EA, FF, FF, 39, 1D, 60, 24, 41, 00, 75, 0C, 68, A8, D5, 40, 00, FF, 15, 3C, E5...
Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
52 KB (53,248 bytes)
