f3851712ce363d556691b19dd973e600.pe

The file f3851712ce363d556691b19dd973e600.pe has been detected as malware by 28 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
f3851712ce363d556691b19dd973e600

SHA-1:
3ecd637a7818e28e93ef59cbbd74a9ca68878318

SHA-256:
f4b6a4eaba432e4d4e374a133f5ba84633f4eea76df4d88a02c64383604d07e3

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/19/2024 10:14:18 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.170800 | 658
Agnitum Outpost | Trojan.Agent | 7.1.1
Avira AntiVirus | TR/Crypt.Xpack.122111 | 7.11.204.208
AVG | Win32/DH | 2016.0.3136
Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.15418
Bitdefender | Gen:Variant.Kazy.170800 | 1.0.20.540
Emsisoft Anti-Malware | Gen:Variant.Kazy.170800 | 8.15.04.18.09
ESET NOD32 | Win32/Injector.ACIY (variant) | 9.11064
Fortinet FortiGate | W32/Injector.ABXY!tr | 4/18/2015
F-Secure | Gen:Variant.Kazy.170800 | 11.2015-18-04_7
G Data | Gen:Variant.Kazy.170800 | 15.4.24
IKARUS anti.virus | Trojan.Win32.Injector | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.192.14734
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2173
Malwarebytes | Trojan.Injector.ED | v2015.04.18.09
McAfee | RDN/Generic PWS.y!bcm | 5600.6792
Microsoft Security Essentials | PWS:Win32/Zbot | 1.11302
MicroWorld eScan | Gen:Variant.Kazy.170800 | 16.0.0.324
NANO AntiVirus | Trojan.Win32.Xpack.dljjwk | 0.30.0.64812
Norman | Troj_Generic.YCRQY | 11.20150418
Panda Antivirus | Trj/Genetic.gen | 15.04.18.09
Qihoo 360 Security | Win32/Trojan.fef | 1.0.0.1015
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.15416
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0115 | 7.2.108
Trend Micro | Mal_Zbot-25 | 10.465.18
Vba32 AntiVirus | SScope.Trojan.FakeAV.01724 | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 36914

File size:
238.7 KB (244,431 bytes)

Common path:
C:\users\{user}\downloads\f3851712ce363d556691b19dd973e600.pe

File PE Metadata
Compilation timestamp:
1/11/2003 12:00:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
1.0

CTPH (ssdeep):
6144:n29I+9FJnXlSoxtCOpVH0nDr9xtmyCw7Bt0Pj:nCI+1XlbSO8v9/myCwNt

Entry address:
0x1510

Entry point:
55, 8B, EC, 83, EC, 1C, 68, E0, 14, 40, 00, FF, 15, 44, B0, 43, 00, 68, A4, B0, 43, 00, E8, D5, FA, FF, FF, 64, A1, 18, 00, 00, 00, 8B, 48, 30, 83, C4, 08, 89, 0D, 9C, E2, 43, 00, FF, 15, 20, B0, 43, 00, 83, 3D, 9C, E2, 43, 00, 00, A3, A8, F2, 43, 00, 74, 0B, A1, 20, D0, 43, 00, 50, E8, A4, 00, 00, 00, 68, A4, B0, 43, 00, E8, 9A, FA, FF, FF, 83, C4, 04, 83, 3D, 9C, E2, 43, 00, 00, 74, 74, E8, 49, FD, FF, FF, 85, C0, 74, 6B, 56, 68, A4, B0, 43, 00, E8, 7A, FA, FF, FF, 8B, 35, 64, B0, 43, 00, 83, C4, 04, 6A...

Entropy:
6.0632

Developed / compiled with:
Microsoft Visual C++

Code size:
230 KB (235,520 bytes)
