e7f177211ae73c16c2c0f0c9ce83ef20.pe

The file e7f177211ae73c16c2c0f0c9ce83ef20.pe has been detected as a potentially unwanted program by 35 anti-malware scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
sejh4re56

Product:
j6jrj

Description:
j5t7zk65k

Version:
8.5

MD5:
e7f177211ae73c16c2c0f0c9ce83ef20

SHA-1:
ead74482298c925556d71faa04315461a06359fe

SHA-256:
02af81db554857d2bdaca1fce018341dd579767be16f7b306ae38706e6b9e05d

Scanner detections:
35 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 3:53:53 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Strictor.31297 | 658
Agnitum Outpost | TrojanSpy.Zbot | 7.1.1
AhnLab V3 Security | Spyware/Win32.Zbot | 2015.04.06
Avira AntiVirus | TR/Spy.ZBot.mbgp | 3.6.1.96
avast! | Win32:Fareit-GE [Trj] | 2014.9-150418
AVG | Win32/Cryptor | 2016.0.3136
Baidu Antivirus | Adware.Win32.iBryte | 4.0.3.15418
Bitdefender | Gen:Variant.Strictor.31297 | 1.0.20.540
Bkav FE | HW32.Packed | 1.3.0.6379
Comodo Security | TrojWare.Win32.Kryptik.BDF | 21663
Dr.Web | Trojan.DownLoader9.31757 | 9.0.1.0108
Emsisoft Anti-Malware | Gen:Variant.Strictor.31297 | 8.15.04.18.09
ESET NOD32 | Win32/Kryptik.BDFE (variant) | 9.11430
Fortinet FortiGate | W32/Injector.AKER!tr | 4/18/2015
F-Secure | Gen:Variant.Strictor.31297 | 11.2015-18-04_7
G Data | Gen:Variant.Strictor.31297 | 15.4.25
IKARUS anti.virus | Trojan-Spy.Win32.Zbot | t3scan.1.8.9.0
K7 AntiVirus | Trojan | 13.202.15489
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2173
Malwarebytes | Spyware.Zbot.ED | v2015.04.18.09
McAfee | PWS-Zbot-FBBA!E7F177211AE7 | 5600.6792
Microsoft Security Essentials | VirTool:Win32/CeeInject.gen!HL | 1.1.11502.0
MicroWorld eScan | Gen:Variant.Strictor.31297 | 16.0.0.324
NANO AntiVirus | Trojan.Win32.Zbot.bxpftl | 0.30.8.659
Norman | Inject.BBYH | 11.20150418
nProtect | Trojan-Spy/W32.ZBot.251090 | 15.04.03.01
Panda Antivirus | Trj/Dtcontx.E | 15.04.18.09
Qihoo 360 Security | Win32/Trojan.Spy.3a7 | 1.0.0.1015
Sophos | Mal/EncPk-AJU | 4.98
Total Defense | Win32/Tnega.ENPSPXB | 37.0.11533
Trend Micro House Call | TROJ_GEN.R047C0ECV15 | 7.2.108
Trend Micro | TROJ_GEN.R047C0ECV15 | 10.465.18
Vba32 AntiVirus | TrojanDownloader.Karagany | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 39098
Zillya! Antivirus | Trojan.Zbot.Win32.123281 | 2.0.0.2128

File size:
245.2 KB (251,090 bytes)

Product version:
9.6

Copyright:
rjrtj

Trademarks:
rk6rshj

Original file name:
k56jrdxth

Language:
Arabic (Egypt)

Common path:
C:\users\{user}\downloads\e7f177211ae73c16c2c0f0c9ce83ef20.pe

File PE Metadata
Compilation timestamp:
6/9/2013 5:15:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:SzvQLs5dDbwrhzcSEqnmlCqZNYLRSeNu+/ZralwIiojLznWVTv779FIe:SHMhzcSEqnml/ASR+hAwSSNn/

Entry address:
0x1240

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 64, B1, 40, 00, E8, A8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 78, B1, 40, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 70, B1, 40, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, B8, C4, 10, 00, 00, E8, 5B, 3F, 00, 00, 83, E4, F0, B8, 00, 00, 00, 00, 83, C0, 0F, 83, C0, 0F, C1, E8, 04, C1, E0, 04, 89, 85, 74, EF, FF, FF, 8B, 85, 74, EF, FF, FF, E8, 36, 3F, 00, 00, E8, C1, 3E, 00, 00, E8, A4, 30, 00, 00, 85, C0, 74, 01...

Entropy:
7.7743

Packer / compiler:
MingWin32 GCC, 0x3.x

Code size:
17 KB (17,408 bytes)
