tmpeb65.exe

Butterberge

Daniel Atallah

The executable tmpeb65.exe has been detected as malware by 25 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Daniel Atallah  (signed and verified)

Product:
Butterberge

Description:
Reiseabsichten

Version:
8.02.0002

MD5:
4c18d1668b251e1e22ed6d2e9842f51c

SHA-1:
e37607426a02692459d487d9e2e64c3547968e9a

SHA-256:
90026e111f90d7412b771f886d3f9dbe06661d4650f0f57a055b79653f12c15a

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/20/2024 3:38:29 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Symmi.48380 | 803
AhnLab V3 Security | Trojan/Win32.Foreign | 2014.11.24
Avira AntiVirus | TR/Dropper.VB.23681 | 7.11.188.92
avast! | Win32:Malware-gen | 2014.9-141124
AVG | Dropper.Generic9 | 2015.0.3281
Baidu Antivirus | Trojan.Win32.Boaxxe | 4.0.3.141124
Bitdefender | Gen:Variant.Symmi.48380 | 1.0.20.1640
Dr.Web | Trojan.Siggen6.23087 | 9.0.1.0328
Emsisoft Anti-Malware | Gen:Variant.Symmi.48380 | 8.14.11.24.04
ESET NOD32 | Win32/Boaxxe.BR | 8.10769
Fortinet FortiGate | W32/Injector.BPDI!tr | 11/24/2014
F-Secure | Gen:Variant.Symmi.48380 | 11.2014-24-11_2
G Data | Gen:Variant.Symmi.48380 | 14.11.24
IKARUS anti.virus | Trojan.Dropper | t3scan.1.8.3.0
Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2899
Malwarebytes | Spyware.Zbot.ED | v2014.11.24.04
McAfee | Artemis!4C18D1668B25 | 5600.6937
Microsoft Security Essentials | Trojan:Win32/Miuref | 1.11202
MicroWorld eScan | Gen:Variant.Symmi.48380 | 15.0.0.984
NANO AntiVirus | Trojan.Win32.Boaxxe.djayre | 0.28.6.63474
Qihoo 360 Security | Win32/Trojan.Dropper.37e | 1.0.0.1015
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.141122
Sophos | Troj/VB-HWR | 4.98
Trend Micro House Call | Suspicious_GEN.F47V1117 | 7.2.328
VIPRE Antivirus | Trojan.Win32.Generic | 35070

File size:
141.8 KB (145,208 bytes)

Product version:
8.02.0002

Copyright:
Blutfahne

Trademarks:
Kriegstelegramme

Original file name:
Isolation.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\application data\microsoft\secure\icons\temp\tmpeb65.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
9/19/2012 4:48:58 AM

Valid to:
9/20/2014 6:56:51 PM

Subject:
E=datallah@pidgin.im, CN=Daniel Atallah, L=Holland, S=Michigan, C=US, Description=FWg32Q3ZaA4V01lM

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
075E

File PE Metadata
Compilation timestamp:
10/2/2014 2:16:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:T7MTelGlUO+flY+oH+ob5YRXFTWJnp8YE:T7AyGlUO6O+ZGGRVTWJnFE

Entry address:
0x1344

Entry point:
68, 3C, 16, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 91, 5D, E9, 26, AC, 61, 5B, 44, 9A, 8D, 24, D2, CA, 85, C6, EB, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 46, 61, 68, 72, 62, 65, 72, 69, 63, 68, 74, 73, 38, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 03, 71, F1, D8, 9F, 56, 28, 27, 49, 92, BF, 95, B3, 80, DD, 60, BB, D7, 7D, 43, 3E, B0, 76, EF, 41, BC, C6, EB, C4, 24, D7, FE, 5A, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Entropy:
6.4501

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
116 KB (118,784 bytes)

Remove tmpeb65.exe - Powered by Reason Core Security