d4d4ad8b296e2afea8d368515cf10df0.pe

The file d4d4ad8b296e2afea8d368515cf10df0.pe has been detected as malware by 36 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
d4d4ad8b296e2afea8d368515cf10df0

SHA-1:
28321d2de7183054b94369031e89f8796694914d

SHA-256:
2b7d7da3a4c1187b5f70cf43f1fa6be5b6a7500a39d4ecbc07d8c0b30cdc77bd

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/24/2024 5:52:32 AM UTC

Scan engine                     Detection                          Engine version
Lavasoft Ad-Aware               Trojan.VIZ.Gen.1                   658
Agnitum Outpost                 Trojan.PWS.Tepfer                  7.1.1
AhnLab V3 Security              Trojan/Win32.Tepfer                2015.03.15
Avira AntiVirus                 BDS/Kelihos.F.8608                 7.11.217.78
avast!                          Win32:MalOb-IJ [Cryp]              2014.9-150418
AVG                             Luhe.MaZec.N                       2016.0.3136
Baidu Antivirus                 Trojan.Win32.Katusha               4.0.3.15418
Bitdefender                     Trojan.VIZ.Gen.1                   1.0.20.540
Bkav FE                         HW32.Packed                        1.3.0.6379
Clam AntiVirus                  Win.Trojan.Tepfer-487              0.98/21511
Comodo Security                 TrojWare.Win32.Kryptik.BOGE        21412
Dr.Web                          BackDoor.Slym.1999                 9.0.1.0108
Emsisoft Anti-Malware           Trojan.VIZ.Gen                     8.15.04.18.08
ESET NOD32                      Win32/Kryptik.BEWL (variant)       9.11321
Fortinet FortiGate              W32/Kryptik.AGAJ!tr                4/18/2015
F-Prot                          W32/FakeAlert.ZO.gen               v6.4.7.1.166
F-Secure                        Trojan.VIZ.Gen.1                   11.2015-18-04_7
G Data                          Trojan.VIZ.Gen                     15.4.25
IKARUS anti.virus               Backdoor.Win32.Kelihos             t3scan.1.8.6.0
K7 AntiVirus                    Trojan                             13.200.15262
Kaspersky                       Packed.Win32.Katusha               14.0.0.2173
Malwarebytes                    Malware.Packer.D4Gen               v2015.04.18.08
McAfee                          PWS-Zbot                           5600.6792
Microsoft Security Essentials   Backdoor:Win32/Kelihos.F           1.1.11400.0
MicroWorld eScan                Trojan.VIZ.Gen.1                   16.0.0.324
NANO AntiVirus                  Trojan.Win32.Tepfer.bwjzcl         0.30.0.296
Norman                          Hlux.ZY                            11.20150418
nProtect                        Trojan-PWS/W32.Tepfer.812032.CO    15.03.13.01
Panda Antivirus                 Trj/CI.A                           15.04.18.08
Quick Heal                      TrojanPWS.Zbot.Gen                 4.15.14.00
Rising Antivirus                PE:Trojan.Agent!1.6A5D             23.00.65.15416
Sophos                          Mal/EncPk-ALN                      4.98
Trend Micro House Call          TROJ_RANSOM.SM05                   7.2.108
Trend Micro                     TROJ_RANSOM.SM05                   10.465.18
Vba32 AntiVirus                 Malware-Cryptor.Mystig             3.12.26.3
VIPRE Antivirus                 VirTool.Win32.Obfuscator.da!n      38424

File size:
793 KB (812,032 bytes)

Common path:
C:\users\{user}\downloads\d4d4ad8b296e2afea8d368515cf10df0.pe

File PE Metadata
Compilation timestamp:
11/13/2003 3:15:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
0.255

CTPH (ssdeep):
12288:R99UXOzjYkJn68yL2n8IFKWoO6mpnzjXfoue8uTi7OYPkdx03MAZDuD:vZ1eIro9gnnQPiKdxC7u

Entry address:
0x25BE

Entry point:
2B, F6, 8B, 35, 64, 30, 40, 00, 68, 00, 50, 4B, 00, FF, 15, 44, 30, 40, 00, 8B, CE, 1B, C8, 81, F9, 00, 00, 04, 00, 72, 36, 6A, 50, 05, E0, 00, 00, 00, 59, 3A, 08, 74, 03, 83, C0, 08, 3A, 08, 74, 03, 83, C0, 08, 38, 08, 74, 03, 83, C0, 10, 05, 84, 00, 00, 00, B3, 70, 2A, 18, 77, 0E, B3, D0, 2A, 18, 72, 0D, 8D, 35, 00, 50, 4B, 00, 73, A5, B9, 7F, FF, FF, FF, 83, C1, 01, 74, 02, 75, F9, CD, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9697  (probably packed)

Code size:
6 KB (6,144 bytes)
