» ec816f34a6815abbb8bc4d41e8672a90.pe
Overview
Analysis
File Details

ec816f34a6815abbb8bc4d41e8672a90.pe

The file ec816f34a6815abbb8bc4d41e8672a90.pe has been detected as malware by 15 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

MD5:

ec816f34a6815abbb8bc4d41e8672a90

SHA-1:

0e03a148bf0916245942d3d7ad02eb78bece2915

SHA-256:

b16c40192a1197301058d342a02a646094f21d9815fd5893c6efdfeeb1efe590

Scanner detections:

15 / 68

Status:

Malware

Analysis date:

4/25/2024 7:21:41 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Symmi.50115

658

AhnLab V3 Security

Trojan/Win32.MDA

2015.01.16

AVG

Inject2

2016.0.3043

Bitdefender

Gen:Variant.Symmi.50115

1.0.20.540

Bkav FE

W32.BotanjA.Trojan

1.3.0.6267

Dr.Web

Trojan.Mayachok.18975

9.0.1.0200

Emsisoft Anti-Malware

Gen:Variant.Symmi.50115

8.15.04.18.09

ESET NOD32

Win32/Injector.BSWS trojan

9.7.0.302.0

G Data

Gen:Variant.Symmi.50115

15.4.24

herdProtect (fuzzy)

variant of 1296.tmp

2015.7.19.21

Malwarebytes

Trojan.Zemot.ED

v2015.04.18.09

Microsoft Security Essentials

Threat.Undefined

1.191.2440.0

MicroWorld eScan

Gen:Variant.Symmi.50115

16.0.0.324

NANO AntiVirus

Trojan.Win32.Zbot.dmhkbw

0.30.0.64448

Norman

Rovnix.ER

11.20150418

File size:

115 KB (117,788 bytes)

Common path:

C:\users\{user}\downloads\ec816f34a6815abbb8bc4d41e8672a90.pe

File PE Metadata

Compilation timestamp:

12/22/2014 11:22:28 AM

OS version:

47.37377

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:sojqRJRBRRRRRRhRRRDRRRhRRRRpJRRRRRRRRRRRRRRRRRRRRRRRRRRRppRRRRRO:soEppwqE+PZ/VALx

Entry address:

0x24FC

Entry point:

4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F8, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.7403

Code size:

16 MB (16,783,872 bytes)

Remove ec816f34a6815abbb8bc4d41e8672a90.pe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.