eaf38c16461d7f2cf6dae51ae8992340.pe

The file eaf38c16461d7f2cf6dae51ae8992340.pe has been detected as a potentially unwanted program by 36 anti-malware scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
eaf38c16461d7f2cf6dae51ae8992340

SHA-1:
32e5dd97fb85559487968e6264a427cd77b029d4

SHA-256:
2eb4c97536ec3d1b69ce3d60ca9b36bde4c6cbe8370a11effd27518242601754

Scanner detections:
36 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 11:30:22 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.12482895
658

Agnitum Outpost
TrojanSpy.Zbot
7.1.1

AhnLab V3 Security
Trojan/Win32.MDA
2015.01.22

Avira AntiVirus
TR/PSW.Agent.258628
7.11.204.50

avast!
Win32:Malware-gen
2014.9-150418

AVG
Dropper.Generic9
2016.0.3136

Baidu Antivirus
Trojan.Win32.Zbot
4.0.3.15418

Bitdefender
Trojan.Generic.12482895
1.0.20.540

Dr.Web
Trojan.PWS.Stealer.1932
9.0.1.0108

Emsisoft Anti-Malware
Trojan.Generic.12482895
8.15.04.18.09

ESET NOD32
Win32/Injector.BNTS (variant)
9.11054

Fortinet FortiGate
W32/Zbot.SX!tr
4/18/2015

F-Prot
W32/Trojan2.ONVN
v6.4.7.1.166

F-Secure
Trojan.Generic.12482895
11.2015-18-04_7

G Data
Trojan.Generic.12482895
15.4.24

IKARUS anti.virus
Trojan-Spy.Zbot
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.191.14717

Kaspersky
Trojan-Spy.Win32.Zbot
14.0.0.2173

Malwarebytes
Trojan.Agent.ED
v2015.04.18.09

McAfee
RDN/Generic PWS.y!bch
5600.6792

Microsoft Security Essentials
PWS:Win32/Zbot.gen!VM
1.11302

MicroWorld eScan
Trojan.Generic.12482895
16.0.0.324

NANO AntiVirus
Trojan.Win32.Yakes.dlnpgi
0.30.0.64812

Norman
Emotet.AI
11.20150418

nProtect
Trojan-Spy/W32.ZBot.258628
15.01.22.01

Panda Antivirus
Trj/CI.A
15.04.18.09

Qihoo 360 Security
Win32/Trojan.Spy.684
1.0.0.1015

Sophos
Mal/Zbot-SX
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Injector
9928

Total Defense
Win32/Zbot.GPGfEaC
37.0.11397

Trend Micro House Call
TROJ_GEN.R028C0DA415
7.2.108

Trend Micro
TROJ_GEN.R028C0DA415
10.465.18

Vba32 AntiVirus
TrojanSpy.Zbot
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
36874

Zillya! Antivirus
Trojan.Zbot.Win32.172349
2.0.0.2042

File size:
252.6 KB (258,628 bytes)

Common path:
C:\users\{user}\downloads\eaf38c16461d7f2cf6dae51ae8992340.pe

File PE Metadata
Compilation timestamp:
12/25/2014 8:49:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
4.1

CTPH (ssdeep):
6144:RSpwqJDfletd12j7Y9ZKJbIN6+yRtCvBuC6cheLmhNA1Qyu:glhj890JIk+0tyuCJoLmf3

Entry address:
0x2178

Entry point:
8B, FF, 55, 8B, EC, 6A, FF, 68, 78, 4A, 40, 00, 68, 34, 37, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, BA, 78, 00, 00, 00, 33, C0, B8, 85, 17, 40, 00, 03, D0, B9, 04, 00, 00, 00, 33, D2, F7, F9, 68, 20, 50, 40, 00, 48, 50, 68, 90, 50, 40, 00, 59, 51, B8, 90, 6A, 40, 00, 33, C2, 0F, AF, C1, 50, E8, 98, 11, 00, 00, E8, 3C, FA, FF, FF, 8D, 0C, 3F, C1, E9, 02, 6A, 00, 81, C1, 00, 10, 00, 00, 51, 56, 8B, E8, E8, 53, D1, 06, 00, 56, 68, 00, 10, 00, 00, 8D, 54, 24, 28, 6A, 01, 52, E8, 95, CE...
 

Entropy:
7.7065  (probably packed)

Code size:
12.3 KB (12,544 bytes)
