upnyc.exe

Maskiseft Visaal Studio 2010

Maskiseft Corporatien

The executable upnyc.exe, “Maskiseft Visaal Studie 2010” has been detected as malware by 28 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Maskiseft Corporatien

Product:
Maskiseft® Visaal Studio® 2010

Description:
Maskiseft Visaal Studie 2010

Version:
1.9.43074.5121 built by: SP1Rel

MD5:
aff543dafe0431d697f08b08f43a38b4

SHA-1:
02412e895da04cc43cf67665acba5a97b05a9c5f

SHA-256:
ffc0930914576804e16360b0cbb9199bd4d264b2c51da4efe94715d4dc491410

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/23/2024 7:21:43 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.430690 | 906
Agnitum Outpost | Trojan.KillProc | 7.1.1
AhnLab V3 Security | Trojan/Win32.Necurs | 2014.08.20
Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172
avast! | Win32:Trojan-gen | 2014.9-140813
AVG | Trojan horse SHeur4 | 2015.0.3384
Bitdefender | Gen:Variant.Kazy.430690 | 1.0.20.1125
Bkav FE | HW32.CDB | 1.3.0.4959
Dr.Web | Trojan.KillProc.32415 | 9.0.1.0225
Emsisoft Anti-Malware | Gen:Variant.Kazy.430690 | 8.14.08.13.10
ESET NOD32 | Win32/Kryptik.CIQR trojan | 8.7.0.302.0
Fortinet FortiGate | W32/Kryptik.CHDI!tr | 8/13/2014
F-Prot | W32/A-ba027243 | v6.4.7.1.166
F-Secure | Gen:Variant.Kazy.430690 | 11.2014-13-08_4
G Data | Gen:Variant.Kazy.430690 | 14.8.24
K7 AntiVirus | Trojan | 13.183.13098
Malwarebytes | Trojan.Zbot.gen | v2014.08.13.10
McAfee | PWSZbot-FABW!6763BCAC1B98 | 5600.7040
Microsoft Security Essentials | Threat.Undefined | 1.181.75.0
MicroWorld eScan | Gen:Variant.Kazy.430690 | 15.0.0.675
NANO AntiVirus | Trojan.Win32.KillProc.ddtlcg | 0.28.2.61721
Panda Antivirus | Trj/Genetic.gen | 14.08.13.10
Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14811
Sophos | Troj/Agent-AIIM | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-FalComp | 10278
Total Defense | Win32/Zbot.fXWIRPC | 37.0.11130
VIPRE Antivirus | Threat.4371328 | 32210

File size:
299.6 KB (306,819 bytes)

Product version:
1.9.43074.5121

Copyright:
© Maskiseft Corporatien. All rights reserved.

Original file name:
divonv.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\faitylet\upnyc.exe

File PE Metadata
Compilation timestamp:
3/27/2010 8:51:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:edEHBphyq9brO9zMZMg34krdwJgefjISZgb+1:edevQqBwg3ICwYb+1

Entry address:
0xC980

Entry point:
55, 8B, EC, 81, EC, 04, 01, 00, 00, B8, 6D, 00, 00, 00, 89, 85, 2C, FF, FF, FF, 53, 6A, B5, 50, 6A, C9, 50, E8, 21, 1E, 00, 00, 83, C4, 10, 56, 8B, 95, 2C, FF, FF, FF, 89, 95, 2C, FF, FF, FF, 57, 33, D0, 3B, C2, 75, 06, 89, 95, 2C, FF, FF, FF, 8B, B5, 2C, FF, FF, FF, 83, C6, D6, 89, B5, 2C, FF, FF, FF, 6A, 00, 6A, 00, 68, 8E, 00, 00, 00, 68, 98, CA, 42, 00, FF, 15, 2C, 4E, 42, 00, 2D, 00, 48, 80, 2A, 89, 85, 2C, FF, FF, FF, 8D, 85, 44, FF, FF, FF, 50, FF, 15, 34, 4E, 42, 00, 83, F0, 83, 89, 85, 2C, FF, FF...

Entropy:
7.8301

Developed / compiled with:
Microsoft Visual C++

Code size:
138.5 KB (141,824 bytes)

Scheduled Task
Task name:
Security Center Update - 2251774229

Trigger:
Daily (Runs daily at 10:00 AM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to network.realmedia.com  (208.71.121.192:80)

TCP (HTTP SSL):
Connects to edge-star-shv-07-dfw1.facebook.com  (31.13.66.96:443)

TCP (HTTP):
Connects to dfw06s16-in-f4.1e100.net  (74.125.227.100:80)

TCP (HTTP):
Connects to dfw06s16-in-f25.1e100.net  (74.125.227.121:80)

TCP (HTTP):
Connects to a184-26-143-155.deploy.static.akamaitechnologies.com  (184.26.143.155:80)

TCP (HTTP):
Connects to a184-26-136-89.deploy.static.akamaitechnologies.com  (184.26.136.89:80)

TCP (HTTP):
Connects to a184-26-136-83.deploy.static.akamaitechnologies.com  (184.26.136.83:80)

TCP (HTTP):
Connects to a184-26-136-74.deploy.static.akamaitechnologies.com  (184.26.136.74:80)

TCP (HTTP):
Connects to a184-26-136-65.deploy.static.akamaitechnologies.com  (184.26.136.65:80)

TCP (HTTP):
Connects to 108-61-42-10.constant.com  (108.61.42.10:80)

Remove upnyc.exe - Powered by Reason Core Security