d842413c2fbe6fdd97818ebce31e2030.pe

The file d842413c2fbe6fdd97818ebce31e2030.pe has been detected as malware by 38 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
d842413c2fbe6fdd97818ebce31e2030

SHA-1:
604898d0ae3cf3c7691eca768589bf48e124e2b5

SHA-256:
58cb5007d58f3e62dfd51ac9b63ba1122d4989012b3cb197c68b3423c143ee48

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
4/27/2024 2:14:33 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKDZ.26468 | 658 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Necurs | 2015.04.10 |
| avast! | Win32:Kryptik-OTW [Trj] | 2014.9-150418 |
| AVG | Inject2 | 2016.0.3136 |
| Baidu Antivirus | Trojan.Win32.Zbot | 4.0.3.15418 |
| Bitdefender | Trojan.GenericKDZ.26468 | 1.0.20.540 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Comodo Security | TrojWare.Win32.Injector.BQUF | 21703 |
| Dr.Web | Trojan.DownLoad3.35002 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Trojan.GenericKDZ.26468 | 8.15.04.18.08 |
| ESET NOD32 | Win32/Rovnix | 9.11448 |
| Fortinet FortiGate | W32/Injector.BQSP!tr | 4/18/2015 |
| F-Prot | W32/Backdoor2.HWXN | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKDZ.26468 | 11.2015-18-04_7 |
| G Data | Trojan.GenericKDZ.26468 | 15.4.25 |
| IKARUS anti.virus | Trojan.Win32.Rovnix | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.202.15538 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.2173 |
| Malwarebytes | Trojan.GIFFU.ED | v2015.04.18.08 |
| McAfee | Generic.vp | 5600.6792 |
| Microsoft Security Essentials | VirTool:Win32/CeeInject.gen!KK | 1.1.11502.0 |
| MicroWorld eScan | Trojan.GenericKDZ.26468 | 16.0.0.324 |
| NANO AntiVirus | Trojan.Win32.Zbot.djtbqh | 0.30.10.952 |
| Norman | Rovnix.EC | 11.20150418 |
| nProtect | Trojan-Spy/W32.ZBot.131072.FQ | 15.04.09.02 |
| Panda Antivirus | Trj/WLT.B | 15.04.18.08 |
| Qihoo 360 Security | Win32/Trojan.95c | 1.0.0.1015 |
| Quick Heal | TrojanSpy.Zbot.rw4 | 4.15.14.00 |
| Sophos | Mal/Generic-L | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Injector | 9928 |
| Total Defense | Win32/CInject.WeULCf | 37.0.11540 |
| Trend Micro House Call | TROJ_GEN.F0C2C00LQ14 | 7.2.108 |
| Trend Micro | TROJ_GEN.F0C2C00LQ14 | 10.465.18 |
| Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39192 |
| ViRobot | Trojan.Win32.Agent.131072.CE[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Zbot.Win32.172009 | 2.0.0.2132 |

File size:
128 KB (131,072 bytes)

Common path:
C:\users\{user}\downloads\d842413c2fbe6fdd97818ebce31e2030.pe

File PE Metadata
Compilation timestamp:
11/18/2014 5:57:20 PM

OS version:
4.524

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:moUJ4vIcqj7kqlbn2apNEJXMXtaUyf+qtahDsJuo:moUKvIcqj7572AEKahf9ohgn

Entry address:
0x496E

Entry point:
55, 00, EC, 6A, FF, 68, D0, 6F, 40, 90, 68, 90, 90, 90, 90, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 84, 64, 40, 00, 59, 83, 90, 7C, 97, E0, 00, FF, 83, 0D, 80, 97, E0, 00, FF, FF, 15, 80, 64, 40, 00, 8B, 0D, 70, 97, E0, 00, 89, 08, FF, 15, 7C, 64, 40, 00, 8B, 0D, 6C, 97, E0, 00, 89, 08, A1, 78, 64, 40, 00, 8B, 00, A3, 78, 97, E0, 00, E8, 16, 01, 00, 00, 39, 1D, 60, 95, 40, 00, 75, 0C, 68, F0, 4A, 40, 00, FF, 15, 74, 64...

Entropy:
7.1890

Code size:
20 KB (20,481 bytes)
