updateflashplayer_936ddd1b.exe

mychattool

The executable updateflashplayer_936ddd1b.exe has been detected as malware by 8 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Remove updateflashplayer_936ddd1b.exe - Powered by Reason Core Security
Product:
mychattool

Description:
mychattool

Version:
1, 0, 0, 1

MD5:
a99ee395bfaf42fdb07360d1b3bf8c6a

SHA-1:
8ccce4082ce1a40c7862da2ef4584a47c9768923

SHA-256:
01c2bdf5b037756bc8cb97b24dbd942e0988f1babc2fdf2fd6e2521427fdf263

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
12/7/2016 11:23:50 PM UTC

Scan engine      Detection              Engine version
ESET NOD32       Win32/Injector.BFNT    8.9924
Malwarebytes     Spyware.Zbot.ED        v2014.06.10.06

File size:
145.5 KB (149,000 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2014

Original file name:
mychattool.exe

File type:
Executable application (Win32 EXE)

Language:
Swedish (Sweden)

Common path:
C:\users\{user}\appdata\local\temp\updateflashplayer_936ddd1b.exe

File PE Metadata
Compilation timestamp:
6/4/2014 11:28:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

CTPH (ssdeep):
3072:MZB7HQK/iC1MyF0NaHBHNXWCfI2iaPe3K1a2qqP+cl4jWnF:MZBDQeiOFAahtz4aPe6rqOcC

Entry address:
0x1AFF

Entry point:
90, 8B, EC, 6A, FF, 68, A0, 25, 40, 00, 68, 86, 1C, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 01, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, D4, 21, 40, 00, 59, 83, 0D, 54, 32, 40, 00, FF, 83, 0D, 58, 32, 40, 00, FF, FF, 15, D0, 21, 40, 00, 8B, 0D, 48, 32, 40, 00, 89, 08, FF, 15, CC, 21, 40, 00, 8B, 0D, 90, 32, 40, 00, 89, 08, A1, C8, 21, 40, 00, 8B, 00, A3, 50, 32, 40, 00, E8, 17, 01, 00, 00, 39, 1D, 60, 30, 40, 00, 75, 0C, 68, 82, 1C, 40, 00, FF, 15, C4, 21...

Entropy:
7.6502

Code size:
4 KB (4,096 bytes)
