updateflashplayer_2fc99968.exe

Ensiem Corporatu

The executable updateflashplayer_2fc99968.exe, “Ensiem Visatl Studie 2020”, has been detected as malware by 22 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Ensiem Corporatu

Description:
Ensiem Visatl Studie 2020

Version:
7.45.36839.5223

MD5:
2e3b0f8921a8c946a426af731c53c096

SHA-1:
ba89e90616531ba577591a646edca9f7307fb99a

SHA-256:
d4e54820707c8340e89d2d6364936fb15f20d68cdf5f4442cbf51063890ae0d3

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
4/26/2024 10:54:40 PM UTC

Scan engine                    | Detection                    | Engine version
-------------------------------|------------------------------|--------------------
Lavasoft Ad-Aware              | Gen:Variant.Kazy.520210      | 6196279
AhnLab V3 Security             | Trojan/Win32.Necurs          | 2014.12.20
Avira AntiVirus                | TR/Crypt.ZPACK.Gen           | 7.11.196.212
avast!                         | Win32:Dropper-gen [Drp]      | 141214-1
AVG                            | Win32/Cryptor                | 2014.0.4189
Bitdefender                    | Gen:Variant.Kazy.520210      | 1.0.20.1765
Emsisoft Anti-Malware          | Gen:Variant.Kazy.520210      | 9.0.0.4668
ESET NOD32                     | Win32/Kryptik.CTJP trojan    | 7.0.302.0
Fortinet FortiGate             | W32/Kryptik.CSQU!tr          | 12/19/2014
F-Secure                       | Gen:Variant.Kazy.520210      | 5.13.68
G Data                         | Gen:Variant.Kazy.520210      | 14.12.24
Kaspersky                      | HEUR:Trojan.Win32.Generic    | 14.0.0.2773
Malwarebytes                   | Trojan.Zemot                 | v2014.12.19.09
McAfee                         | Trojan.Artemis!2E3B0F8921A8  | 16.8.708.2
Microsoft Security Essentials  | PWS:Win32/Zbot               | 1.11302
MicroWorld eScan               | Gen:Variant.Kazy.520210      | 15.0.0.1059
Norman                         | Gen:Variant.Kazy.520210      | 04.12.2014 14:30:06
Panda Antivirus                | Trj/Genetic.gen              | 14.12.19.09
Qihoo 360 Security             | HEUR/QVM20.1.Malware.Gen     | 1.0.0.1015
Reason Heuristics              | Threat.Win.Reputation.IMP    | 14.12.21.23
Sophos                         | Mal/Generic-S                | 4.98
Trend Micro House Call         | TROJ_GEN.R0C1B01LI14         | 7.2.353

File size:
498.1 KB (510,056 bytes)

Product version:
7.45.36839.5223

Original file name:
baesh.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\updateflashplayer_2fc99968.exe

File PE Metadata
Compilation timestamp:
3/25/2011 6:11:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:bSHIaaRnadCupHHcBVSShUpf0vS2IAxupsRU6jp99qXGRl:bSHI9G9nqESq5YDtP9qe

Entry address:
0x5965

Entry point:
55, 8B, EC, 81, EC, F0, 00, 00, 00, 8B, 0D, 84, F0, 40, 00, 89, 8D, 4C, FF, FF, FF, 53, 8B, 8D, 4C, FF, FF, FF, F7, C1, A1, 43, 00, 00, 74, 11, BA, 8E, 00, 00, 00, 83, F1, 03, 89, 4D, D4, 89, 95, 4C, FF, FF, FF, 56, 81, C1, 00, 00, 1A, 09, 89, 8D, 4C, FF, FF, FF, 57, 83, F9, 00, 75, 12, 03, D1, F7, C2, BA, 00, 00, 00, 74, 08, 33, D1, 89, 95, 4C, FF, FF, FF, 83, CA, DF, 8B, 35, 60, F0, 40, 00, 89, 95, 4C, FF, FF, FF, 89, 95, 4C, FF, FF, FF, 89, 95, 4C, FF, FF, FF, 89, 75, B8, 68, 6C, F0, 40, 00, FF, 15, 08...

Developed / compiled with:
Microsoft Visual C++

Code size:
31.5 KB (32,256 bytes)

Remove updateflashplayer_2fc99968.exe - Powered by Reason Core Security