efe7b25a68b7ce0ae4d98af2f70e1b00.pe

The file efe7b25a68b7ce0ae4d98af2f70e1b00.pe has been detected as malware by 34 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
efe7b25a68b7ce0ae4d98af2f70e1b00

SHA-1:
ed302ec071274d9e5ef08bdb90ce8303c166197b

SHA-256:
dc9639d508da409971f25054159df34626444696161cde8e1c1602de6a673847

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
4/26/2024 11:48:25 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.KDV.859086 | 658 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Spyware/Win32.Zbot | 2015.01.22 |
| Avira AntiVirus | TR/PSW.Zbot.5069 | 7.11.204.50 |
| avast! | Win32:Malware-gen | 2014.9-150418 |
| AVG | PSW.Generic10 | 2016.0.3136 |
| Baidu Antivirus | Trojan.Win32.Zbot | 4.0.3.15418 |
| Bitdefender | Trojan.Generic.KDV.859086 | 1.0.20.540 |
| Dr.Web | Trojan.Winlock.8004 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Trojan.Generic.KDV.859086 | 8.15.04.18.09 |
| ESET NOD32 | Win32/Spy.Zbot.AAO | 9.11054 |
| Fortinet FortiGate | W32/Zbot.AAO!tr | 4/18/2015 |
| F-Prot | W32/Zbot.IF.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.KDV.859086 | 11.2015-18-04_7 |
| G Data | Trojan.Generic.KDV.859086 | 15.4.24 |
| IKARUS anti.virus | Trojan-PWS.Win32.Zbot | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.191.14713 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2173 |
| Malwarebytes | Spyware.Password | v2015.04.18.09 |
| McAfee | PWS-Zbot.gen.asv | 5600.6792 |
| Microsoft Security Essentials | PWS:Win32/Zbot.AHM | 1.11302 |
| MicroWorld eScan | Trojan.Generic.KDV.859086 | 16.0.0.324 |
| NANO AntiVirus | Trojan.Win32.Winlock.csfhlk | 0.30.0.64812 |
| Norman | Cridex.DH | 11.20150418 |
| nProtect | Trojan-Spy/W32.ZBot.321024.AG | 15.01.22.01 |
| Qihoo 360 Security | Win32/Trojan.PSW.1d8 | 1.0.0.1015 |
| Quick Heal | Trojan.Ransom.A | 4.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.17F0B1DE!401650142 | 23.00.65.15416 |
| Sophos | Troj/Zbot-DWQ | 4.98 |
| Total Defense | Win32/Zbot.GXS | 37.0.11397 |
| Trend Micro House Call | TROJ_GEN.R08NC0CA815 | 7.2.108 |
| Trend Micro | TROJ_GEN.R08NC0CA815 | 10.465.18 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36870 |
| Zillya! Antivirus | Trojan.Zbot.Win32.104900 | 2.0.0.2042 |

File size:
313.5 KB (321,024 bytes)

Common path:
C:\users\{user}\downloads\efe7b25a68b7ce0ae4d98af2f70e1b00.pe

File PE Metadata
Compilation timestamp:
1/14/2013 12:55:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.10

CTPH (ssdeep):
6144:3EJpNDfj9gdFitzxvLe31YW9Gbgrq10JhFBav1Ao87M/V:3yfj2zitz12ZYr0bFBavA7wV

Entry address:
0x1211

Entry point:
E9, 55, FF, FF, FF, 8D, 76, 00, 8D, BC, 27, 00, 00, 00, 00, 55, 89, E5, 83, EC, 08, C7, 04, 24, 01, 00, 00, 00, FF, 15, 00, 91, 40, 00, E8, C8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 11, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 00, 91, 40, 00, E8, A8, FE, FF, FF, 90, 11, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 1C, 91, 40, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 10, 91, 40, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 5D, E9, 13, 25, 00, 00, 90, 90, 90, 90, 90, 90, 90, 55...

Entropy:
6.9018

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
11 KB (11,264 bytes)
