tmp8f72.exe

Punto Switcher

ООО Яндекс

The executable tmp8f72.exe, “Раскладки для Punto Switcher”, has been detected as malware by 32 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
ООО Яндекс

Product:
Punto Switcher

Description:
Раскладки для Punto Switcher

Version:
3, 2, 7, 84

MD5:
8ed7e597abd95b4cea53871759a47404

SHA-1:
69548ce41c7c6eaed21be623216bbd8cd9397842

SHA-256:
913615d00492422cf1c64b074347dcb2ef0601dc8e587dc1716ba11bb542151d

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
5/11/2024 12:36:58 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1874876 | 856 |
| Agnitum Outpost | Trojan.Boaxxe | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Zbot | 2014.09.29 |
| Avira AntiVirus | TR/Miuref.F.7 | 7.11.175.48 |
| avast! | Win32:Malware-gen | 2014.9-141002 |
| AVG | Zbot | 2015.0.3334 |
| Baidu Antivirus | Trojan.Win32.Yakes | 4.0.3.14102 |
| Bitdefender | Trojan.GenericKD.1874876 | 1.0.20.1375 |
| Comodo Security | UnclassifiedMalware | 19651 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1874876 | 8.14.10.02.04 |
| ESET NOD32 | Win32/Boaxxe.BR | 8.10479 |
| Fortinet FortiGate | W32/Boaxxe.BR!tr | 10/2/2014 |
| F-Secure | Trojan.GenericKD.1874876 | 11.2014-02-10_5 |
| G Data | Trojan.GenericKD.1874876 | 14.10.24 |
| IKARUS anti.virus | Trojan.Win32.Miuref | t3scan.1.7.8.0 |
| K7 AntiVirus | Riskware | 13.183.13504 |
| Kaspersky | Trojan.Win32.Yakes | 14.0.0.3164 |
| Malwarebytes | Spyware.Zbot.FWED | v2014.10.02.04 |
| McAfee | PWSZbot-FABY!8ED7E597ABD9 | 5600.6990 |
| Microsoft Security Essentials | Trojan:Win32/Miuref.F | 1.11005 |
| MicroWorld eScan | Trojan.GenericKD.1874876 | 15.0.0.825 |
| NANO AntiVirus | Trojan.Win32.Boaxxe.dfluoc | 0.28.2.62286 |
| Norman | Heur.I | 11.20141002 |
| nProtect | Trojan.GenericKD.1874876 | 14.09.28.01 |
| Panda Antivirus | Trj/CI.A | 14.10.02.04 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.17563636!391525942 | 23.00.65.14930 |
| Sophos | Troj/Agent-AJAP | 4.98 |
| Total Defense | Win32/Tnega.aODDPBC | 37.0.11203 |
| Trend Micro House Call | TROJ_GEN.R072C0DIN14 | 7.2.275 |
| Trend Micro | TROJ_GEN.R072C0DIN14 | 10.465.02 |
| VIPRE Antivirus | Trojan.Win32.Generic | 33520 |

File size:
133.5 KB (136,704 bytes)

Product version:
3, 2, 7, 84

Copyright:
Copyright 2008-2011 ООО Яндекс

Trademarks:
Punto Switcher

Original file name:
layouts.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\ProgramData\application data\microsoft\crypto\rsa64\temp\tmp8f72.exe

File PE Metadata
Compilation timestamp:
11/1/2014 7:30:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:+S08R0nLJVq4McAfY2+QWe1+CmAfLi9vN8xr1sKDCaoOjy3Wc:+S08R0nFX8fY2+miG1sKDCPOjmWc

Entry address:
0x1190

Entry point:
55, 8B, EC, 81, EC, 2C, 02, 00, 00, FF, 15, F0, 83, 41, 00, 68, 58, E0, 41, 00, FF, 15, 34, 81, 41, 00, 68, C7, 11, 00, 00, 6A, 00, FF, 15, FC, 83, 41, 00, 85, C0, 74, 07, 33, C0, E9, FF, 02, 00, 00, 8B, 85, F8, FD, FF, FF, 05, 2F, 7F, 71, 03, 3B, 85, DC, FD, FF, FF, 76, 08, 6A, 00, FF, 15, 20, 81, 41, 00, 8B, 8D, 08, FE, FF, FF, 2B, 8D, F8, FD, FF, FF, 81, F9, CF, 4A, EE, 12, 76, 06, FF, 15, F4, 83, 41, 00, 8B, 95, 00, FE, FF, FF, 03, 95, 14, FE, FF, FF, 89, 95, F8, FD, FF, FF, FF, 15, F0, 83, 41, 00, 8B...
Developed / compiled with:
Microsoft Visual C++

Code size:
91 KB (93,184 bytes)
