home

updateflashplayer_6da98dc8.exe

Anriel Corporatu

The application updateflashplayer_6da98dc8.exe, “Anriel Visatl Studie 2020” has been detected as adware by 30 anti-malware scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server. It is also typically executed from the user's temporary directory.
Publisher:
Anriel Corporatu

Description:
Anriel Visatl Studie 2020

Version:
10.10.54925.49085

MD5:
f98122a4cc470f0c9c411e89cbee7c2b

SHA-1:
f2b9b3abf20d85bfd634069c08482ab3c194b64f

SHA-256:
9ef25c491e70b11be88e8b3faf62c67e145aade0128145f771ba598abc71f922

Scanner detections:
30 / 68

Status:
Adware

Analysis date:
4/26/2024 3:29:28 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.12298646
775

Agnitum Outpost
TrojanSpy.Zbot
7.1.1

AhnLab V3 Security
Trojan/Win32.Necurs
2014.12.09

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

avast!
Win32:MalOb-HX [Cryp]
141130-1

AVG
Crypt3
2015.0.3253

Baidu Antivirus
Trojan.Win32.Kryptik
4.0.3.14128

Bitdefender
Trojan.Generic.12298646
1.0.20.1775

Clam AntiVirus
Win.Trojan.12298646
0.98/19813

Dr.Web
Trojan.PWS.Panda.7719
9.0.1.0355

Emsisoft Anti-Malware
Trojan.Generic.12298646
8.14.12.21.11

ESET NOD32
Win32/Kryptik.CSIR trojan
7.0.302.0

Fortinet FortiGate
W32/Kryptik.CSQU!tr
12/21/2014

F-Secure
Trojan.Generic.12298646
11.2014-21-12_1

G Data
Trojan.Generic.12298646
14.12.24

K7 AntiVirus
Trojan
13.188.14395

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.2827

Malwarebytes
Trojan.Zemot
v2014.12.08.03

McAfee
Trojan.MysticCompressor!F98122A4CC47
16.8.708.2

Microsoft Security Essentials
Threat.Undefined
1.191.519.0

MicroWorld eScan
Trojan.Generic.12298646
15.0.0.1065

NANO AntiVirus
Trojan.Win32.Kryptik.djzudt
0.28.6.64267

Norman
Trojan.Generic.12298646
11.20141221

nProtect
Trojan.Generic.12298646
14.12.19.01

Panda Antivirus
Trj/Genetic.gen
14.12.21.11

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.AnrielCorporatu
15.3.1.16

Sophos
Mal/Generic-S
4.98

Total Defense
Win32/Zbot.FDeGRE
37.0.11339

VIPRE Antivirus
Threat.4150696
35418

File size:
259.7 KB (265,917 bytes)

Product version:
10.10.54925.49085

Original file name:
biash.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\updateflashplayer_6da98dc8.exe

File PE Metadata
Compilation timestamp:
3/5/2011 8:03:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:kySJQRTYoFZYMagagYfrJjEpF8X+ayPCRu4/ko3dMHzSsbNMimoLZMt:OWYoFZIXgeH+ayPO1k8dQzSsb/JLit

Entry address:
0x3593

Entry point:
55, 8B, EC, 81, EC, 58, 01, 00, 00, 8B, 0D, 04, 60, 40, 00, 89, 8D, 50, FF, FF, FF, 53, 8B, 05, 24, 60, 40, 00, 03, C0, 89, 85, 50, FF, FF, FF, 56, 0B, C8, 8B, 95, 50, FF, FF, FF, 89, 95, 64, FF, FF, FF, 89, 8D, 50, FF, FF, FF, 57, 03, C0, 8B, BD, 64, FF, FF, FF, 89, 8D, 50, FF, FF, FF, 89, 85, 64, FF, FF, FF, 89, 95, 50, FF, FF, FF, 89, BD, 64, FF, FF, FF, 83, C0, 17, BA, 87, 00, 00, 00, 89, 85, 64, FF, FF, FF, 89, 95, 50, FF, FF, FF, 8D, 85, C4, FE, FF, FF, 50, 6A, 00, FF, 15, 04, 50, 40, 00, 33, C7, 8B...
 
[+]

Entropy:
7.9102

Developed / compiled with:
Microsoft Visual C++

Code size:
13.5 KB (13,824 bytes)

Remove updateflashplayer_6da98dc8.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.