» updateflashplayer_21db6750.exe
Overview
Analysis
File Details

updateflashplayer_21db6750.exe

Binary Fortress Software

The executable updateflashplayer_21db6750.exe, “Ak7Kc37r4U 90adddef” has been detected as malware by 17 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

Publisher:

Binary Fortress Software

Description:

Ak7Kc37r4U 90adddef

Version:

3 2 10005 10005

MD5:

a11ea6e92e3cd1191fd49c2dc43a1a54

SHA-1:

87c9d0045284743d37264bbc95ff35ca206b60cd

SHA-256:

45dfab8bb2a63f717ec6955298c6153097212af86ca872f76efd6396a0f378ba

Scanner detections:

17 / 68

Status:

Malware

Analysis date:

4/25/2024 2:00:39 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Symmi.46703

865

AhnLab V3 Security

Trojan/Win32.Necurs

2014.09.23

avast!

Win32:Dropper-gen [Drp]

2014.9-140922

AVG

Crypt3

2015.0.3343

Baidu Antivirus

Trojan.Win32.Kryptik

4.0.3.14922

Bitdefender

Gen:Variant.Symmi.46703

1.0.20.1325

Bkav FE

HW32.Paked

1.3.0.4959

Emsisoft Anti-Malware

Gen:Variant.Symmi.46703

8.14.09.22.01

ESET NOD32

Win32/Kryptik.CLQZ (variant)

8.10447

F-Secure

Gen:Variant.Symmi.46703

11.2014-22-09_2

G Data

Gen:Variant.Symmi.46703

14.9.24

K7 AntiVirus

Trojan

13.183.13432

Microsoft Security Essentials

PWS:Win32/Zbot

1.11005

MicroWorld eScan

Gen:Variant.Symmi.46703

15.0.0.795

nProtect

Trojan.GenericKD.1872900

14.09.22.01

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_GEN.R0C1H09IM14

7.2.265

File size:

336.5 KB (344,576 bytes)

Product version:

3 2 10005 10005

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\updateflashplayer_21db6750.exe

File PE Metadata

Compilation timestamp:

9/20/2014 11:12:34 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:JB2iMA9ZS7WMvZri8dDmHnf2ySVTvsBw2TVwXgBq0nJO94:J8iMi4WMv88oHnoRvsGgBqIb

Entry address:

0x14230

Entry point:

55, 8B, EC, 6A, FF, 68, E8, 53, 41, 00, 68, 20, 44, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 28, 50, 41, 00, 59, 83, 0D, 64, DB, 5F, 00, FF, 83, 0D, 68, DB, 5F, 00, FF, FF, 15, 44, 50, 41, 00, 8B, 0D, 60, DB, 5F, 00, 89, 08, FF, 15, 20, 50, 41, 00, 8B, 0D, 5C, DB, 5F, 00, 89, 08, A1, 1C, 50, 41, 00, 8B, 00, A3, 6C, DB, 5F, 00, E8, 28, 01, 00, 00, 39, 1D, 44, 7B, 41, 00, 75, 0C, 68, C4, 43, 41, 00, FF, 15, 18, 50... 
[+]

Entropy:

7.6259

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

80 KB (81,920 bytes)

Remove updateflashplayer_21db6750.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.