usb_cable_drivers_windows_2.3_xp_7_8_vista.exe

The executable usb_cable_drivers_windows_2.3_xp_7_8_vista.exe has been detected as malware by 6 anti-virus scanners. This is a setup program which is used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from cables.glucofacts.bayer.com and multiple other hosts.
MD5:
0954fb2212938f61a5fe7cc7a655f508

SHA-1:
9966ee93470c8e6d388849de1f447dcb69e212c1

SHA-256:
05f5db3dea596f061234be2978d11d97a55877d4137eb3cf057c2df1ad9af69c

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
4/19/2024 6:38:30 AM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.OnGameT2KSULAE.Trojan | 1.3.0.6379
Comodo Security | TrojWare.Win32.Spy.Zbot.BPOE | 21448
Dr.Web | Trojan.DownLoader11.13124 | 9.0.1.0104
McAfee | Artemis!0954FB221293 | 5600.6795
Trend Micro House Call | Suspicious_GEN.F47V0224 | 7.2.104
ViRobot | Trojan.Win32.A.Badur.2528005[h] | 2014.3.20.0

File size:
2.4 MB (2,528,005 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\usb_cable_drivers_windows_2.3_xp_7_8_vista.exe

File PE Metadata
Compilation timestamp:
2/3/2011 3:11:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:evqMNFmMhyZSLKqXRChVtCOHnRyX1ChlyWz0NOfoG+Dv2Cwdw//FRd:eSM2MhyoGlnRyaUWQNOfoG0FwdmdRd

Entry address:
0x294F4

Entry point:
55, 8B, EC, 6A, FF, 68, 38, 51, 45, 00, 68, 74, D4, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 4C, 11, 45, 00, 33, D2, 8A, D4, 89, 15, E0, 38, 47, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, DC, 38, 47, 00, C1, E1, 08, 03, CA, 89, 0D, D8, 38, 47, 00, C1, E8, 10, A3, D4, 38, 47, 00, 33, F6, 56, E8, BA, 3E, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 85, 3B, 00, 00, FF, 15, 48, 11, 45, 00, A3, 84, 68, 47, 00, E8...
 
Entropy:
7.8562

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
320 KB (327,680 bytes)

The file usb_cable_drivers_windows_2.3_xp_7_8_vista.exe has been seen being distributed by the following 3 URLs.