uxzun.exe

Maskasaft Visual Studio 2010

Maskasaft Corporation

The executable uxzun.exe, “Maskasaft Visual Studie 2010”, has been detected as malware by 15 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. While running, it connects to the Internet address c2.ds.eurobyte.ru on port 8080.

Publisher:
Maskasaft Corporation

Product:
Maskasaft® Visual Studio® 2010

Description:
Maskasaft Visual Studie 2010

Version:
1.9.43074.5121 built by: SP1Rel

MD5:
0ca3716da0dda555c76b18e654fb99ba

SHA-1:
88b7a1f40fbf175a98e4edcc642df1520cf3ddfe

SHA-256:
5923935d4b1030277e68569cc38e58c559d3e26d9ea11b2d662861b1d19b7d43

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
4/26/2024 6:30:31 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.422144 | 921
Avira AntiVirus | TR/Crypt.XPACK.Gen7 | 7.11.164.86
avast! | Win32:Malware-gen | 140617-1
AVG | Trojan horse Crypt3.AHEW | 2014.0.3986
Bitdefender | Gen:Variant.Kazy.422144 | 1.0.20.1050
Emsisoft Anti-Malware | Gen:Variant.Kazy.422144 | 8.14.07.29.06
F-Secure | Gen:Variant.Kazy.422144 | 11.2014-29-07_3
G Data | Gen:Variant.Kazy.422144 | 14.7.24
Kaspersky | Trojan-Spy.Win32.Zbot | 15.0.0.494
Malwarebytes | Spyware.Zbot.MSXGen | v2014.07.29.06
Microsoft Security Essentials | Threat.Undefined | 1.179.1469.0
MicroWorld eScan | Gen:Variant.Kazy.422144 | 15.0.0.630
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14727
SUPERAntiSpyware | Trojan.Agent/Gen-FalComp | 10454
VIPRE Antivirus | Threat.4150696 | 31208

File size:
316.1 KB (323,723 bytes)

Product version:
1.9.43074.5121

Copyright:
© Maskasaft Corporation. All rights reserved.

Original file name:
devonv.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\yqboet\uxzun.exe

File PE Metadata
Compilation timestamp:
6/16/2010 3:24:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:uRCvEmD8srftQJGn//mIrDctkf8MSA2BHM/cayQ3RwMR5nTjY:uRCMmDtsMmIrVku2BHycayiwknw

Entry address:
0xD0E8

Entry point:
55, 8B, EC, 81, EC, E8, 00, 00, 00, B9, EA, 00, 00, 00, 89, 4D, 9C, 53, EB, 27, 83, C2, D9, EB, 22, 33, D1, 8B, F1, 3B, 5D, F4, 74, 19, 2B, F7, EB, 15, 33, FA, EB, 11, 33, F7, BA, 0A, 00, 00, 00, 89, 4D, E4, EB, 05, EB, 03, 89, 55, AC, 56, 68, 00, 65, F0, 66, 6A, 2D, E8, C8, 20, 00, 00, 83, C4, 08, 57, 3B, 45, 9C, 74, 26, 03, C0, 8B, 15, 3C, 08, 43, 00, A9, 64, 00, 00, 00, 74, 17, 89, 95, 34, FF, FF, FF, 33, C2, 3B, C2, 74, 0B, 8B, 4D, 9C, 33, C8, 89, 8D, 34, FF, FF, FF, 83, C2, 12, BF, 9C, 00, 00, 00, 89...
Entropy:
7.8246

Developed / compiled with:
Microsoft Visual C++

Code size:
155 KB (158,720 bytes)

Scheduled Task
Task name:
Security Center Update - 2841111256

Trigger:
Daily (Runs daily at 5:00 AM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to c2.ds.eurobyte.ru  (46.165.250.4:8080)
