cfa8c14c0af26e5e5026ba64669fef40.pe

The file cfa8c14c0af26e5e5026ba64669fef40.pe has been detected as malware by 33 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
cfa8c14c0af26e5e5026ba64669fef40

SHA-1:
17f0efd69b0e91204b824f66b1e95167eb49dc30

SHA-256:
2ad1d77cbf561ce5980801b6e173b6d97711908e3e70afaae10d96e0efacee90

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/24/2024 6:33:51 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKDZ.17509 | 658 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Spyware/Win32.Zbot | 2014.06.09 |
| Avira AntiVirus | TR/PSW.Zbot.JH.36 | 7.11.153.240 |
| avast! | Win32:Fareit-FB [Trj] | 2014.9-150418 |
| AVG | PSW.Generic11 | 2016.0.3136 |
| Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.15418 |
| Bitdefender | Trojan.GenericKDZ.17509 | 1.0.20.540 |
| Bkav FE | W32.Clodfa8.Trojan | 1.3.0.4959 |
| Comodo Security | TrojWare.Win32.Kryptik.BAMF | 18486 |
| Dr.Web | Trojan.PWS.Panda.2977 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Trojan.GenericKDZ.17509 | 8.15.04.18.08 |
| ESET NOD32 | Win32/Kryptik.BASU (variant) | 9.9914 |
| Fortinet FortiGate | W32/Tepfer.JUJG!tr.pws | 4/18/2015 |
| F-Prot | W32/Zbot.OV.gen | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKDZ.17509 | 11.2015-18-04_7 |
| G Data | Trojan.GenericKDZ.17509 | 15.4.24 |
| IKARUS anti.virus | Trojan.Win32.FakeAV | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.1712333 |
| Kaspersky | Trojan-Ransom.Win32.Gimemo | 14.0.0.2173 |
| Malwarebytes | Rootkit.0Access.ED | v2015.04.18.08 |
| McAfee | PWS-Zbot.gen.ary | 5600.6792 |
| Microsoft Security Essentials | PWS:Win32/Zbot.gen!AJ | 1.10600 |
| MicroWorld eScan | Trojan.GenericKDZ.17509 | 16.0.0.324 |
| NANO AntiVirus | Trojan.Win32.Zbot.brvijf | 0.28.0.60100 |
| Norman | Dorkbot.FDK | 11.20150418 |
| nProtect | Trojan-Spy/W32.ZBot.207360.AJ | 14.06.08.01 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.18.08 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Sophos | Mal/ZboCheMan-D | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-PWS | 9928 |
| Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Reveton.a | 30112 |

File size:
202.5 KB (207,360 bytes)

Common path:
C:\users\{user}\downloads\cfa8c14c0af26e5e5026ba64669fef40.pe

File PE Metadata
Compilation timestamp:
12/23/2012 12:24:14 PM

OS version:
8.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
35.26

CTPH (ssdeep):
6144:3LEAGx3/rX0PBhxGu3J4QFR9KqA/JUi9pnuzLeljyn7x:383/rXsn3JLbAR1vYwy

Entry address:
0x5392

Entry point:
55, 8B, EC, 81, EC, 38, 01, 00, 00, 66, 0F, BE, 85, CF, FE, FF, FF, 68, 7C, 94, 42, 00, 68, 5C, 96, 42, 00, C7, 45, E0, 04, 01, 00, 00, 66, A3, FA, 93, 42, 00, FF, 15, 2C, C0, 40, 00, 68, 88, 94, 42, 00, 68, 90, 94, 42, 00, FF, 15, 08, C0, 40, 00, 68, 98, 94, 42, 00, FF, 15, 18, C0, 40, 00, 68, A4, 94, 42, 00, FF, 15, 04, C0, 40, 00, 6A, 01, 6A, 06, 8D, 45, E0, 50, 8D, 85, C8, FE, FF, FF, 50, 68, 38, 94, 42, 00, FF, 15, 00, C0, 40, 00, 8D, 45, CC, 50, 6A, 01, 68, B8, 94, 42, 00, FF, 15, 0C, C0, 40, 00, 80...

Entropy:
7.6614

Developed / compiled with:
Microsoft Visual C++

Code size:
36.5 KB (37,376 bytes)
