video_player_upgrade.exe

The executable video_player_upgrade.exe has been detected as malware by 36 of 68 anti-virus scanners. Its file name presents it as an installer or upgrade for a video player, but the version resource carries placeholder strings (product YeeTooMDter5, description threhg, original file name eryerD5.exe) and the PE header reports linker version 3.0 next to a December 2013 compile timestamp; both are commonly seen when a payload has been wrapped by a crypter, which agrees with the generic injector and packer detections listed below (ESET Injector, Kaspersky Inject, Fortinet Kryptik, IKARUS CeeInject, Bkav Packed). Five engines (AhnLab, Malwarebytes, McAfee, Quick Heal, Sophos) identify the payload as a variant of Zbot (Zeus), a trojan that steals confidential information (online credentials and banking details) from a compromised computer and sends it to its operators through a command-and-control server. Other engines name different families (Napolar, Cidox, Fareit, Bonke), so the Zbot attribution should be treated as the majority opinion rather than a confirmed identification until the sample is unpacked. The engine versions in the table are dated around 24 April 2016, so the detection names reflect signatures of that time. The file has been seen being downloaded from chaosium.com.
Product:
YeeTooMDter5

Description:
threhg

Version:
1, 0, 0, 1

MD5:
afbe270c83e6a8dbef2c41bd58df9624

SHA-1:
5af9536ec2189eb9f788f6a36c743edb4d51067c

SHA-256:
c27613c1cead3c0c069fc61b5a2cb15b7a083405a1a8da21cd0766fa88e31a20

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/26/2024 6:19:11 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.335664 | 286
AhnLab V3 Security | Spyware/Win32.Zbot | 2015.04.20
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-160424
AVG | PSW.Generic12 | 2017.0.2764
Baidu Antivirus | Trojan.Win32.Inject | 4.0.3.16424
Bitdefender | Gen:Variant.Kazy.335664 | 1.0.20.575
Bkav FE | HW32.Packed | 1.3.0.6379
Comodo Security | UnclassifiedMalware | 21821
Dr.Web | DDoS.Bonke.158 | 9.0.1.0115
Emsisoft Anti-Malware | Gen:Variant.Kazy.335664 | 8.16.04.24.12
ESET NOD32 | Win32/Injector.AXHG | 10.11497
Fortinet FortiGate | W32/Kryptik.WIF!tr | 4/24/2016
F-Secure | Gen:Variant.Kazy.335664 | 11.2016-24-04_1
G Data | Gen:Variant.Kazy.335664 | 16.4.25
IKARUS anti.virus | Virus.Win32.CeeInject | t3scan.1.8.9.0
K7 AntiVirus | Trojan | 13.202.15641
Kaspersky | Trojan.Win32.Inject | 14.0.0.315
Malwarebytes | Trojan.Zbot | v2016.04.24.12
McAfee | PWSZbot-FRL!AFBE270C83E6 | 5600.6420
Microsoft Security Essentials | Trojan:Win32/Napolar.A | 1.1.11502.0
MicroWorld eScan | Gen:Variant.Kazy.335664 | 17.0.0.345
NANO AntiVirus | Trojan.Win32.Inject.cuhsvk | 0.30.16.1110
Norman | Troj_Generic.SOIPB | 11.20160424
Panda Antivirus | Trj/CI.A | 16.04.24.12
Qihoo 360 Security | HEUR/Malware.QVM19.Gen | 1.0.0.1015
Quick Heal | TrojanPWS.Zbot.A4 | 4.16.14.00
Rising Antivirus | PE:Trojan.Injector!1.9F7C | 23.00.65.16422
Sophos | Mal/Zbot-QU | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Cidox | 9185
Total Defense | Win32/Tnega.TAKQdRC | 37.0.11557
Trend Micro House Call | TROJ_SPNR.06BE14 | 7.2.115
Trend Micro | TROJ_SPNR.06BE14 | 10.465.24
Vba32 AntiVirus | Trojan.Cidox | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Fareit.if | 39484
ViRobot | Trojan.Win32.S.Agent.172032.TU[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.Inject.Win32.90860 | 2.0.0.2143

File size:
168 KB (172,032 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2013

Original file name:
eryerD5.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\video_player_upgrade.exe

File PE Metadata
Compilation timestamp:
12/15/2013 10:04:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
3072:EAYk+mAtkDeyaW5Xkk5brbEHmIqh+5V37qf6QzJ/Mt5Swylrxav5WDZbus:EAYk+mGkDBa20k5n7Iqh+zqSQN/MtVyB

Entry address:
0x52C6

Entry point:
90, 8B, EC, 01, FF, 68, 90, 01, 01, 00, 68, 4C, 54, 40, 00, 64, A1, 01, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 01, FF, 15, 14, 62, 40, 00, 59, 83, 0D, 94, 7B, 40, 00, FF, 83, 0D, 98, 7B, 40, 00, FF, FF, 15, 10, 62, 40, 00, 8B, 0D, 88, 7B, 40, 00, 89, 08, FF, 15, 0C, 62, 40, 00, 8B, 0D, 84, 7B, 40, 00, 89, 08, A1, 08, 62, 40, 00, 8B, 00, A3, 90, 7B, 40, 00, E8, 16, 01, 00, 00, 39, 1D, 40, 71, 40, 00, EB, 0C, 68, 48, 54, 40, 00, FF, 15, 04, 62...

Code size:
20 KB (20,480 bytes)
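The hashes and PE header fields above are what a responder checks first when a file with this name turns up. The following triage script is an added example, not part of the Reason Core Security report: it verifies a sample on disk against the published MD5/SHA-1/SHA-256 and size, then reads the compile timestamp, linker and OS version, subsystem, entry point RVA and SizeOfCode straight from the PE32 headers with the standard library, and maps the entry RVA through the section table to compare the first bytes at the entry point with the ones listed. The function names are the author's own, and build_sample_pe() produces a constructed stand-in file so the parser can be exercised offline; it is not the malware and its hashes will not match the report.

```python
"""Added triage helper (not part of the original report): check a sample against the
hashes and size published above, then pull the PE header fields the report lists and
the first bytes at the entry point, using only the standard library."""
import hashlib
import struct
from datetime import datetime, timezone

# Values copied from the report.
REPORTED = {
    "md5": "afbe270c83e6a8dbef2c41bd58df9624",
    "sha1": "5af9536ec2189eb9f788f6a36c743edb4d51067c",
    "sha256": "c27613c1cead3c0c069fc61b5a2cb15b7a083405a1a8da21cd0766fa88e31a20",
    "size": 172032,
}
# First 15 bytes of the entry point listed in the report.
REPORTED_ENTRY_BYTES = bytes.fromhex("908BEC01FF6890010100684C544000")
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def matches_report(data: bytes, reported: dict = REPORTED) -> bool:
    """True only if every published hash and the size agree with the sample."""
    actual = file_hashes(data)
    return all(actual[key] == reported[key] for key in reported)


def parse_pe(data: bytes) -> dict:
    """Read the DOS, COFF and PE32 optional headers and map the entry RVA to file bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # The section table follows the optional header; find the section holding the entry RVA.
    entry_bytes = b""
    for i in range(nsections):
        hdr = opt + opt_size + i * 40
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            offset = rawptr + (entry_rva - vaddr)
            entry_bytes = data[offset:offset + 16]
            break
    return {
        "machine": machine,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%m/%d/%Y %I:%M:%S %p"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "size_of_code": size_of_code,
        "entry_bytes": entry_bytes,
    }


def entry_matches_report(data: bytes) -> bool:
    return parse_pe(data)["entry_bytes"].startswith(REPORTED_ENTRY_BYTES)


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (NOT the malware) carrying the header values from the
    report, with REPORTED_ENTRY_BYTES placed at the entry point inside one .text section."""
    ts = int(datetime(2013, 12, 15, 10, 4, 38, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 3, 0, 20480)             # PE32, linker 3.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x52C6)                            # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 4, 0)                             # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                                 # Windows GUI
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x5000, 0x1000, 0x5000, 0x200, 0, 0, 0, 0, 0x60000020)
    image = bytearray(dos + coff + bytes(opt) + text)
    image += b"\0" * (0x200 + 0x5000 - len(image))                     # padded headers, then raw .text
    file_off = 0x200 + (0x52C6 - 0x1000)
    image[file_off:file_off + len(REPORTED_ENTRY_BYTES)] = REPORTED_ENTRY_BYTES
    return bytes(image)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("hashes match report:", matches_report(data))
    for key, value in parse_pe(data).items():
        print(f"{key}: {value.hex() if isinstance(value, bytes) else value}")
```

Run it with the path of a suspect file as the only argument; with no argument it parses the constructed stand-in. A hash match settles identity; when hashes differ (a repacked build), the compile timestamp, the out-of-era linker version and the entry-point bytes are the fields worth comparing against the report before spending time on a full unpack.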

The file video_player_upgrade.exe has been seen being distributed from chaosium.com, the URL noted in the summary above.

Powered by Reason Core Security