uvoxyme.exe

The executable uvoxyme.exe has been detected as malware by 31 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
458ca7c38e3536c99e76b11810e03aa4

SHA-1:
7421d8362ea98f428213568f99f2277609286ee5

SHA-256:
9069ef5583f785f7f52a3849a1dd58deb41f0fed061fc97f2aad92eeeca835aa

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/27/2024 3:48:57 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.459175 | 856 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.ZBot | 2014.10.02 |
| Avira AntiVirus | TR/Crypt.ZPACK.94609 | 7.11.176.28 |
| avast! | Win32:Malware-gen | 140929-0 |
| AVG | Trojan horse SHeur4.CCHJ | 2014.0.4025 |
| Bitdefender | Gen:Variant.Kazy.459175 | 1.0.20.1375 |
| Bkav FE | HW32.Paked | 1.3.0.4959 |
| Clam AntiVirus | Win.Trojan.Agent-781910 | 0.98/19469 |
| Comodo Security | TrojWare.Win32.Spy.Zbot.GLC | 19678 |
| Dr.Web | Trojan.Packed | 9.0.1.0275 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.459175 | 8.14.10.02.04 |
| ESET NOD32 | Win32/Spy.Zbot.ABA | 8.10498 |
| Fortinet FortiGate | W32/Kryptik.VOOA!tr | 10/2/2014 |
| F-Secure | Gen:Variant.Kazy.459175 | 11.2014-02-10_5 |
| G Data | Gen:Variant.Kazy.459175 | 14.10.24 |
| IKARUS anti.virus | Trojan-Ransom.Win32.Blocker | t3scan.1.7.8.0 |
| K7 AntiVirus | Spyware | 13.183.13550 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3164 |
| Malwarebytes | Trojan.Zbot.RRE | v2014.10.02.04 |
| McAfee | PWSZbot-FADO!458CA7C38E35 | 5600.6990 |
| Microsoft Security Essentials | Threat.Undefined | 1.185.1828.0 |
| MicroWorld eScan | Gen:Variant.Kazy.459175 | 15.0.0.825 |
| NANO AntiVirus | Trojan.Win32.ZPACK.dfjhgn | 0.28.2.62440 |
| Panda Antivirus | Trj/Genetic.gen | 14.10.02.04 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14930 |
| Sophos | Mal/EncPk-AFC | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Kazy | 10325 |
| Total Defense | Win32/Zbot.cEGYHXD | 37.0.11209 |
| VIPRE Antivirus | Threat.4150696 | 33520 |
| Zillya! Antivirus | Trojan.ZBot.Win32.69 | 2.0.0.1940 |

File size:
285.6 KB (292,437 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\aduvzoec\uvoxyme.exe

File PE Metadata
Compilation timestamp:
7/17/2012 11:21:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:UJeiLIHcpiSi5vX3ufFaMpycF6pGgaOmRPLwkoSW2dHRKExV:UJtIoi/eQMp36pGgaOmRPMbidxpb

Entry address:
0x12964

Entry point:
55, 8B, EC, 81, EC, 70, 01, 00, 00, 8B, 0D, A4, 37, 43, 00, 89, 8D, 58, FF, FF, FF, 53, 8B, 95, 58, FF, FF, FF, 89, 95, F0, FE, FF, FF, 56, 89, 8D, 58, FF, FF, FF, 57, 83, E9, 70, EB, 67, 83, C1, CF, 3B, 4D, 9C, 74, 5F, 03, CF, F7, C1, 97, 00, 00, 00, 74, 55, 83, C1, B8, 89, 7D, F0, EB, 4D, 03, C0, EB, 49, 33, FB, B8, 00, 00, 76, 41, 89, 7D, E8, 89, 55, 80, EB, 3A, F7, C2, 27, 00, 00, 00, 75, 32, 83, C1, 39, 8B, 05, 88, 37, 43, 00, EB, 27, BF, 6E, 00, 00, 00, 0B, FA, 3B, 9D, 6C, FF, FF, FF, 74, 18, B9, FC...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
164 KB (167,936 bytes)

Scheduled Task
Task name:
Security Center Update - 2890372131

Trigger:
Daily (Runs daily at 11:00)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to mrs02s05-in-f15.1e100.net  (173.194.35.111:443)
