utse.exe

The application utse.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key under the display name ‘Utse’. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
e62dbaec041a2b6f41a70f428b1962a0

SHA-1:
57f40e33a5d5579ffbdb7fdbed1e9aa8d43dbc14

SHA-256:
79b1853a2f8701b0b316c740c32944f5d69c57d424872ef25cfa42ba280e7ed7

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 4:34:20 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.306306 | 835 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Zbot | 2014.10.23 |
| Avira AntiVirus | TR/Spy.ZBot.4736125 | 7.11.180.144 |
| avast! | Win32:Zbot-SDQ [Trj] | 141003-0 |
| AVG | Trojan horse PSW.Generic12.QBL | 2014.0.4040 |
| Bitdefender | Gen:Variant.Kazy.306306 | 1.0.20.1475 |
| Dr.Web | Trojan.PWS.Panda.5182 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.306306 | 14.10.22 |
| ESET NOD32 | Win32/Spy.Zbot.AAU trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/Kryptik.AAQ!tr | 10/22/2014 |
| F-Secure | Gen:Variant.Kazy.306306 | 11.2014-22-10_4 |
| G Data | Gen:Variant.Kazy.306306 | 14.10.24 |
| IKARUS anti.virus | Trojan-PWS.Win32.Zbot | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.184.13741 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3062 |
| Malwarebytes | Trojan.Zbot | v2014.10.22.02 |
| McAfee | PWSZbot-FNB!E62DBAEC041A | 5600.6969 |
| Microsoft Security Essentials | Threat.Undefined | 1.187.228.0 |
| MicroWorld eScan | Gen:Variant.Kazy.306306 | 15.0.0.885 |
| NANO AntiVirus | Trojan.Win32.Zbot.cqobgt | 0.28.2.62841 |
| Norman | Heuristic_Suspicious.gen!r | 11.20141022 |
| nProtect | Trojan-Spy/W32.ZBot.473600.AD | 14.10.22.01 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Quick Heal | TrojanPWS.Zbot.A4 | 10.14.14.00 |
| Total Defense | Win32/Zbot.XLYOPSC | 37.0.11242 |
| Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.26.3 |
| VIPRE Antivirus | Threat.4799609 | 33706 |

File size:
462.5 KB (473,600 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\siek\utse.exe

File PE Metadata
Compilation timestamp:
10/14/2013 2:15:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:GDli/zDulxeQZ1BtST/HKe5LcvPAWrGQdZ++jNW7l3:b/zMZ1bMJwFrJq0A

Entry address:
0x74C97

Entry point:
55, 8B, EC, 81, EC, 88, 00, 00, 00, 57, 53, 56, 8B, 15, 64, 1F, 40, 00, 81, C2, 09, E3, 23, 82, 83, FA, 00, 0F, 85, 05, 00, 00, 00, E9, D0, 00, 00, 00, 89, 45, 84, A1, DC, 1C, 40, 00, 50, 68, 50, 1A, 40, 00, FF, 15, F0, D0, 46, 00, 89, 45, D4, 8D, 15, BC, 1A, 40, 00, 89, 55, FC, FF, 15, 24, D1, 46, 00, A3, 54, 1B, 40, 00, 8D, 05, 88, 1B, 40, 00, 89, 45, DC, FF, 75, DC, C7, 45, F4, 00, 00, 00, 00, FF, 75, F4, FF, 15, 30, D0, 46, 00, 89, 45, CC, 8B, 55, FC, 52, FF, 15, E0, D0, 46, 00, 8B, 45, D4, 89, 45, C8...
Entropy:
4.0581

Developed / compiled with:
Microsoft Visual C++

Code size:
32.5 KB (33,280 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Utse

Command:
C:\users\{user}\appdata\roaming\siek\utse.exe


Remove utse.exe - Powered by Reason Core Security