fb67328e796fee81b60f16f5841fb750.pe

Avira GmbH

The file fb67328e796fee81b60f16f5841fb750.pe, whose version information describes it as “AntiVir Command Line Scanner for Windows”, has been detected as malware by 42 of 68 anti-virus scanners. Several engines (McAfee, Trend Micro, VIPRE, Zillya) classify it as a variant of Zbot (Zeus), a trojan that steals confidential information (online credentials and banking details) from a compromised computer and sends it to criminals via a command-and-control server; others (AhnLab, ESET, F-Prot, Microsoft, Norman, Panda, Quick Heal) name the Ramnit file-infecting worm instead. The publisher, description, version and copyright fields listed below are taken from the file's own version resource, which any author can fill in, and are not evidence that Avira produced the file.
Publisher:
Avira GmbH

Description:
AntiVir Command Line Scanner for Windows

Version:
7.6.0.59

MD5:
fb67328e796fee81b60f16f5841fb750

SHA-1:
0905e5570e881322c992ca238df19aa13647a634

SHA-256:
fe13ee68364b5c45d95719eb47365b903fa6834e5b15d5e6754e9fb323ec44e7

Scanner detections:
42 / 68

Status:
Malware

Explanation:
Engines that name Ramnit classify fb67328e796fee81b60f16f5841fb750.pe as a file-infecting worm that may download, install and run additional malware and spread by infecting other executable files; engines that name Zbot classify it as a credential-stealing trojan. The two labels are not reconciled on this page, so treat the family name as uncertain and the hashes as the reliable identifier.

Analysis date:
4/19/2024 10:30:12 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.327014 | 658
Agnitum Outpost | Trojan.DR.Agent | 7.1.1
AhnLab V3 Security | Win-Trojan/Ramnit.108544 | 2015.04.09
Avira AntiVirus | TR/Agent.awdm.12 | 3.6.1.96
avast! | Win32:Kryptik-HRR [Trj] | 2014.9-150418
AVG | Generic21 | 2016.0.3136
Baidu Antivirus | Trojan.Win32.Lebag | 4.0.3.15418
Bitdefender | Gen:Variant.Kazy.327014 | 1.0.20.540
Bkav FE | W32.NtsuikA | 1.3.0.6379
Clam AntiVirus | Trojan.Kazy-816 | 0.98/21511
Comodo Security | MalCrypt.Indus! | 21697
Dr.Web | Trojan.MulDrop1.64009 | 9.0.1.0108
Emsisoft Anti-Malware | Gen:Variant.Kazy.327014 | 8.15.04.18.09
ESET NOD32 | Win32/Ramnit | 9.11445
Fortinet FortiGate | W32/Kryptik.KLV!tr | 4/18/2015
F-Prot | W32/Ramnit.K.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Kazy.327014 | 11.2015-18-04_7
G Data | Gen:Variant.Kazy.327014 | 15.4.25
herdProtect (fuzzy) |  | 2015.7.19.21
IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.1.8.9.0
K7 AntiVirus | Trojan | 13.202.15530
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2173
Malwarebytes | Spyware.Password | v2015.04.18.09
McAfee | PWS-Zbot.gen.cy | 5600.6792
Microsoft Security Essentials | Trojan:Win32/Ramnit.D | 1.1.11502.0
MicroWorld eScan | Gen:Variant.Kazy.327014 | 16.0.0.324
NANO AntiVirus | Trojan.Win32.MulDrop1.cnmtll | 0.30.10.952
Norman | Ramnit.Q | 11.20150418
nProtect | Trojan/W32.Agent.110592.BPU | 15.04.07.01
Panda Antivirus | Trj/Ramnit.F | 15.04.18.09
Qihoo 360 Security | Malware.Radar02.Gen | 1.0.0.1015
Quick Heal | Trojan.Ramnit.A | 4.15.14.00
Rising Antivirus | PE:Trojan.Win32.Fednu.uav!1075350517 | 23.00.65.15416
Sophos | Troj/ZXC-G | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-FraudSoft | 9928
Total Defense | Win32/Cutwail.BOJ | 37.0.11539
Trend Micro House Call | TSPY_ZBOT.SMHA | 7.2.108
Trend Micro | TSPY_ZBOT.SMHA | 10.465.18
Vba32 AntiVirus | Trojan.Agentb | 3.12.26.3
VIPRE Antivirus | Packed.Win32.PWSZbot.gen.cy | 39184
ViRobot | Trojan.Win32.Downloader.108544.S[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.Zbot.Win32.29907 | 2.0.0.2132
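The detection names above disagree with each other and with the one-line summary, so a responder tallies them by family before trusting any single label. The Python below is an added example, not part of the original report or of Reason Core Security's tooling; the (engine, detection) pairs are copied from the table, while the family keyword list is this example's own assumption rather than a vendor naming standard. Note that several vendors license the same engine (the identical string Gen:Variant.Kazy.327014 appears under six vendors), so a per-engine count measures labels, not independent opinions; independent_labels() counts distinct strings instead.

```python
"""Group the multi-engine detection names from the report above by malware family.
Added example; the (engine, detection) pairs are copied from the report's table and
the family keywords are this example's own choice, not a vendor naming standard."""
import re
from collections import defaultdict

DETECTIONS = [
    ("Lavasoft Ad-Aware", "Gen:Variant.Kazy.327014"),
    ("Agnitum Outpost", "Trojan.DR.Agent"),
    ("AhnLab V3 Security", "Win-Trojan/Ramnit.108544"),
    ("Avira AntiVirus", "TR/Agent.awdm.12"),
    ("avast!", "Win32:Kryptik-HRR [Trj]"),
    ("AVG", "Generic21"),
    ("Baidu Antivirus", "Trojan.Win32.Lebag"),
    ("Bitdefender", "Gen:Variant.Kazy.327014"),
    ("Bkav FE", "W32.NtsuikA"),
    ("Clam AntiVirus", "Trojan.Kazy-816"),
    ("Comodo Security", "MalCrypt.Indus!"),
    ("Dr.Web", "Trojan.MulDrop1.64009"),
    ("Emsisoft Anti-Malware", "Gen:Variant.Kazy.327014"),
    ("ESET NOD32", "Win32/Ramnit"),
    ("Fortinet FortiGate", "W32/Kryptik.KLV!tr"),
    ("F-Prot", "W32/Ramnit.K.gen"),
    ("F-Secure", "Gen:Variant.Kazy.327014"),
    ("G Data", "Gen:Variant.Kazy.327014"),
    ("herdProtect (fuzzy)", ""),          # the report lists no name for this row
    ("IKARUS anti.virus", "Trojan-Dropper.Agent"),
    ("K7 AntiVirus", "Trojan"),
    ("Kaspersky", "HEUR:Trojan.Win32.Generic"),
    ("Malwarebytes", "Spyware.Password"),
    ("McAfee", "PWS-Zbot.gen.cy"),
    ("Microsoft Security Essentials", "Trojan:Win32/Ramnit.D"),
    ("MicroWorld eScan", "Gen:Variant.Kazy.327014"),
    ("NANO AntiVirus", "Trojan.Win32.MulDrop1.cnmtll"),
    ("Norman", "Ramnit.Q"),
    ("nProtect", "Trojan/W32.Agent.110592.BPU"),
    ("Panda Antivirus", "Trj/Ramnit.F"),
    ("Qihoo 360 Security", "Malware.Radar02.Gen"),
    ("Quick Heal", "Trojan.Ramnit.A"),
    ("Rising Antivirus", "PE:Trojan.Win32.Fednu.uav!1075350517"),
    ("Sophos", "Troj/ZXC-G"),
    ("SUPERAntiSpyware", "Trojan.Agent/Gen-FraudSoft"),
    ("Total Defense", "Win32/Cutwail.BOJ"),
    ("Trend Micro House Call", "TSPY_ZBOT.SMHA"),
    ("Trend Micro", "TSPY_ZBOT.SMHA"),
    ("Vba32 AntiVirus", "Trojan.Agentb"),
    ("VIPRE Antivirus", "Packed.Win32.PWSZbot.gen.cy"),
    ("ViRobot", "Trojan.Win32.Downloader.108544.S[h]"),
    ("Zillya! Antivirus", "Trojan.Zbot.Win32.29907"),
]

# Ordered keyword list (assumed, not a standard): first match wins; no match means generic.
FAMILY_KEYWORDS = [
    ("Ramnit", r"ramnit"),
    ("Zbot/Zeus", r"zbot"),
    ("Kazy", r"kazy"),
    ("Kryptik", r"kryptik"),
    ("MulDrop", r"muldrop"),
    ("Cutwail", r"cutwail"),
    ("Lebag", r"lebag"),
    ("Fednu", r"fednu"),
]


def family_of(detection):
    """Map one vendor detection string to a family, or 'generic/other'."""
    for family, pattern in FAMILY_KEYWORDS:
        if re.search(pattern, detection, re.IGNORECASE):
            return family
    return "generic/other"


def tally(pairs):
    """family -> sorted list of engines whose name falls into that family."""
    groups = defaultdict(list)
    for engine, detection in pairs:
        groups[family_of(detection)].append(engine)
    return {fam: sorted(engines) for fam, engines in groups.items()}


def independent_labels(pairs):
    """family -> number of distinct detection strings, so shared-engine duplicates count once."""
    groups = defaultdict(set)
    for _, detection in pairs:
        groups[family_of(detection)].add(detection)
    return {fam: len(names) for fam, names in groups.items()}


if __name__ == "__main__":
    for fam, engines in sorted(tally(DETECTIONS).items(), key=lambda kv: -len(kv[1])):
        print("%-14s %2d engines: %s" % (fam, len(engines), ", ".join(engines)))
    print("distinct names per family:", independent_labels(DETECTIONS))
```

Run as written, the tally shows that the "Zbot" verdict in the summary rests on five engines (four distinct strings), while seven engines say Ramnit and seven say Kazy (two distinct strings, one of them the shared Bitdefender-style name); a file-infecting worm and a banking trojan call for different containment steps, which is why the split matters.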

File size:
108 KB (110,592 bytes)

Product version:
7.6.0.59

Copyright:
Copyright © 2007 Avira GmbH. All rights reserved.

Trademarks:
AntiVir® is a registered trademark of Avira GmbH, Germany

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fb67328e796fee81b60f16f5841fb750.pe

File PE Metadata
Compilation timestamp:
2/3/2011 4:18:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:nr6W2wIcju6IIXlNPQmTh907Y6lP/8qkrHKDN2k:r6gI4u6lXnxh65Qk

Entry address:
0x1100

Entry point:
55, 8B, EC, 81, EC, 70, 02, 00, 00, 53, 56, 57, 51, 2B, C0, 8B, C0, 81, EE, A8, 00, 00, 00, BA, 00, 00, 00, 00, B9, 07, 03, 00, 00, 89, 4D, EC, BA, 09, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 85, C9, 77, 08, B9, 02, 00, 00, 00, 89, 4D, EC, 8B, 45, EC, 83, EA, 01, 75, EC, 52, 52, 52, FF, 15, 18, 21, 40, 00, 85, C0, 74, 02, FF, D0, 8B, CD, 03, 8D, 93, FD, FF, FF, B9, 50, 4C, 00, 00, 8B, 89, 2C, D4, 3F, 00, 68, C5, 13, 00, 00, 6A, 00, 6A, 00, FF, D1, 03, BD, EC, FE, FF, FF, 09, 85, F8, FE, FF, FF, 03, BD, E3...
 

Entropy:
6.7587

Developed / compiled with:
Microsoft Visual C++

Code size:
2 KB (2,048 bytes)
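The PE metadata fields above (hashes, entropy, compile timestamp, linker and OS versions, subsystem, entry RVA, code size, entry-point bytes) are the ones a responder recomputes locally before acting on a third-party report. The Python below is an added example, not code from the original page or from Reason Core Security: it parses those fields from a PE32 file with only the standard library, compares the file's hashes and the first 32 entry-point bytes against the values printed in this report, and computes whole-file Shannon entropy. build_sample_pe() constructs a hypothetical stub image that carries the report's header values so the script runs offline; that stub is not the malware sample, so its hashes do not match the report. One reading of the report's own figures worth checking this way: a SizeOfCode of 2,048 bytes inside a 110,592-byte file with entropy near 6.76 means nearly all of the file is high-entropy data rather than code, which is consistent with the Packed, Kryptik and MalCrypt names in the detection table.

```python
"""Recompute the report's PE metadata for a file, using only the standard library.
Added example, not code from the original page or from Reason Core Security.
Only PE32 (32-bit) images are handled, which is what the report describes."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Values copied from the report above.
REPORT_HASHES = {
    "md5": "fb67328e796fee81b60f16f5841fb750",
    "sha1": "0905e5570e881322c992ca238df19aa13647a634",
    "sha256": "fe13ee68364b5c45d95719eb47365b903fa6834e5b15d5e6754e9fb323ec44e7",
}
# First 32 bytes of the report's "Entry point" listing, in the report's own notation.
REPORT_ENTRY_PREFIX = ("55, 8B, EC, 81, EC, 70, 02, 00, 00, 53, 56, 57, 51, 2B, C0, 8B, "
                       "C0, 81, EE, A8, 00, 00, 00, BA, 00, 00, 00, 00, B9, 07, 03, 00")
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

def hex_list_to_bytes(text):
    """Turn an 'AA, BB, CC' listing into bytes."""
    return bytes(int(tok, 16) for tok in text.replace(",", " ").split())

def shannon_entropy(data):
    """Bits per byte over the whole buffer (8.0 = uniformly random)."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def rva_to_offset(rva, sections):
    # Map a relative virtual address to a file offset through the section table.
    for s in sections:
        span = max(s["virtual_size"], s["raw_size"])
        if s["va"] <= rva < s["va"] + span:
            return rva - s["va"] + s["raw_ptr"]
    raise ValueError("RVA 0x%x is not backed by any section" % rva)

def parse_pe(data):
    """Read the DOS, COFF and PE32 optional headers plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                       # optional header follows the 20-byte COFF header
    magic, maj_link, min_link, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "va": va, "raw_size": rsize, "raw_ptr": rptr})
    entry_off = rva_to_offset(entry_rva, sections)
    return {
        "bitness": "Win32" if machine == 0x14C else "machine 0x%x" % machine,
        "compile_time": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": "%d.%d" % (maj_link, min_link),
        "os_version": "%d.%d" % (maj_os, min_os),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "code_size": size_of_code,
        "entry_bytes": data[entry_off:entry_off + 32],
    }

def triage(data):
    # Header fields plus hash / entry-prefix comparison against the report, in one dict.
    info = parse_pe(data)
    info["hashes"] = {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}
    info["hash_match"] = {k: info["hashes"][k] == v for k, v in REPORT_HASHES.items()}
    info["entry_prefix_match"] = info["entry_bytes"].startswith(hex_list_to_bytes(REPORT_ENTRY_PREFIX))
    info["entropy"] = round(shannon_entropy(data), 4)
    return info

def build_sample_pe():
    """Constructed PE32 stub carrying the report's header values (hypothetical input, not the sample)."""
    tstamp = int(datetime(2011, 2, 3, 4, 18, 25, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                 # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, tstamp, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 8, 0, 2048, 0, 0, 0x1100, 0x1000, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIIIHH", 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0,
                       0x2000, 0x200, 0, 2, 0)                        # OS 4.0, subsystem 2 = GUI
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x1000, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + text).ljust(0x200, b"\0")
    body = bytearray(0x1000)
    body[0x100:0x120] = hex_list_to_bytes(REPORT_ENTRY_PREFIX)        # RVA 0x1100 -> file offset 0x300
    return headers + bytes(body)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print("%-20s %r" % (key, value))
```

Run with a file path as the only argument to triage a real sample (with no argument it triages the constructed stub). A hash match is the only result that ties a file to this report; a matching entry-point prefix or identical header fields are weaker evidence, since compilers emit the same prologue for many binaries and timestamps can be set freely.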

Remove fb67328e796fee81b60f16f5841fb750.pe - Powered by Reason Core Security