uk.exe

CAHPP

The executable uk.exe has been detected as malware by 38 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
CAHPP  (signed and verified)

Version:
3, 3, 8, 1

MD5:
dec995ef0cceb8d5fafef16bd71c2e79

SHA-1:
70a7a83d132d5014c53d49eef1f187fa23006d7f

SHA-256:
36d03f87efcfbc736eacb377bcef59be11220097da6c9d0c477c681159d065bf

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
4/18/2024 3:20:57 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1648428 | 985 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Zbot | 14.05.25 |
| Avira AntiVirus | TR/Llac.dcrjx | 7.11.150.126 |
| avast! | Win32:Malware-gen | 2014.9-140525 |
| AVG | Autoit_c | 2015.0.3463 |
| Baidu Antivirus | Trojan.Win32.Zbot | 4.0.3.14525 |
| Bitdefender | Trojan.GenericKD.1648428 | 1.0.20.725 |
| Dr.Web | Trojan.PWS.Panda.2401 | 9.0.1.0145 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1648428 | 8.14.05.25.04 |
| ESET NOD32 | Win32/Spy.Zbot.AAO | 8.9822 |
| Fortinet FortiGate | W32/Injector_Autoit.AKO!tr | 5/25/2014 |
| F-Secure | Trojan.GenericKD.1648428 | 11.2014-25-05_1 |
| G Data | Trojan.GenericKD.1648428 | 14.5.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.177.12128 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.3812 |
| Malwarebytes | Trojan.Autoit | v2014.05.25.04 |
| McAfee | Generic.sr | 5600.7119 |
| Microsoft Security Essentials | PWS:Win32/Zbot | 1.10502 |
| MicroWorld eScan | Trojan.GenericKD.1648428 | 15.0.0.435 |
| Norman | Troj_Generic.TPJRN | 11.20140525 |
| nProtect | Trojan.GenericKD.1648428 | 14.05.19.01 |
| Panda Antivirus | Trj/CI.A | 14.05.25.04 |
| Qihoo 360 Security | Win32/Trojan.Spy.918 | 1.0.0.1015 |
| Quick Heal | TrojanPWS.AutoIt.Zbot.A | 5.14.14.00 |
| Sophos | Mal/Tiotua-G | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0DDM14 | 7.2.145 |
| Trend Micro | TROJ_GEN.R0CBC0DDM14 | 10.465.25 |
| Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29406 |
| ViRobot | Trojan.Win32.S.Zbot.1574664 | 2011.4.7.4223 |
| Zillya! Antivirus | Trojan.Zbot.Win32.154428 | 2.0.0.1794 |

File size:
1.5 MB (1,574,664 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\malware\malwaredomainlist\uk.exe

Digital Signature
Signed by:

Authority:
CAHPP

Valid from:
6/10/2010 9:41:25 AM

Valid to:
1/30/2035 8:41:25 AM

Subject:
CN=71720563AA, OU=Adherent, O=CAHPP, L=Paris, S=FRANCE, C=FR

Issuer:
E=reseaux@cahpp.fr, CN=AutoriteDeCertification, OU=Adherent, O=CAHPP, S=FRANCE, C=FR

Serial number:
04F5

File PE Metadata
Compilation timestamp:
1/29/2012 3:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:uJZoQrbTFZY1iaCNxiL/hL4U+qXgUUJ1Wms:utrbTA18+hLuDJ1WF

Entry address:
0x165C1

Entry point:
E8, 16, 90, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, 97, 4A, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DD, 03, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 67, 41, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8...
 

Entropy:
7.6335

Code size:
514 KB (526,336 bytes)
