watch_video_streaming.exe

MapEditor

The executable watch_video_streaming.exe has been detected as malware by 35 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from catalog.chaosium.com.
Product:
MapEditor

Description:
MapEditor

Version:
1, 0, 0, 1

MD5:
bcd573c2cb69ee1a45b47f9071e5a376

SHA-1:
c955d876cc61048866a2d6b94dd8be7fe0aea830

SHA-256:
0114b192ec9fcb29b961b835fb0240ae1283fedc913407e64b95eabd2d3fb276

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
4/24/2024 2:01:11 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Heur.Zboter.5 | 206 |
| AhnLab V3 Security | Trojan/Win32.Ransomlock.N1156648070 | 3.7.4.14 |
| Avira AntiVirus | TR/Dofoil.A.125 | 8.3.3.4 |
| Arcabit | Trojan.Zboter.5 | 1.0.0.741 |
| avast! | Win32:Agent-ATNL [Trj] | 2014.9-160712 |
| AVG | SHeur4 | 2017.0.2684 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.16712 |
| Bitdefender | Gen:Heur.Zboter.5 | 1.0.20.970 |
| Clam AntiVirus | Win.Trojan.Sharik-15 | 0.98/21511 |
| Comodo Security | TrojWare.Win32.Injector.BEJX | 25346 |
| Dr.Web | Trojan.PWS.Stealer.1932 | 9.0.1.0194 |
| Emsisoft Anti-Malware | Gen:Heur.Zboter | 8.16.07.12.01 |
| ESET NOD32 | Win32/Injector.BCCF (variant) | 10.13715 |
| Fortinet FortiGate | W32/Kryptik.WIF!tr | 7/12/2016 |
| F-Prot | W32/Trojan2.OEDA | v6.4.7.1.166 |
| F-Secure | Gen:Heur.Zboter.5 | 11.2016-12-07_3 |
| G Data | Gen:Heur.Zboter | 16.7.25 |
| IKARUS anti.virus | Virus.Win32.CeeInject | t3scan.2.1.6.0 |
| K7 AntiVirus | Trojan | 13.231.20059 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-83 |
| Malwarebytes | Spyware.Zbot.ED | v2016.07.12.01 |
| McAfee | Generic-FAUT!BCD573C2CB69 | 5600.6340 |
| Microsoft Security Essentials | VirTool:Win32/Injector.IA | 1.1.12805.0 |
| MicroWorld eScan | Gen:Heur.Zboter.5 | 17.0.0.582 |
| NANO AntiVirus | Trojan.Win32.Inject.cwmrjo | 1.0.38.8984 |
| Panda Antivirus | Trj/Genetic.gen | 16.07.12.01 |
| Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1120 |
| Quick Heal | TrojanPWS.Zbot.AP4 | 7.16.14.00 |
| Sophos | Mal/Zbot-QT | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Symmi | 9026 |
| Trend Micro House Call | TROJ_MALKRYP.SM1 | 7.2.194 |
| Trend Micro | TROJ_MALKRYP.SM1 | 10.465.12 |
| Vba32 AntiVirus | Trojan.Inject | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 50434 |
| Zillya! Antivirus | Trojan.Yakes.Win32.20411 | 2.0.0.2932 |

File size:
92 KB (94,208 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2014

Original file name:
MapEditor.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, Singapore)

Common path:
C:\users\{user}\downloads\watch_video_streaming.exe

File PE Metadata
Compilation timestamp:
4/12/2014 7:24:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:qjVNSABmnhKApxpIxhxmST/E/HCt8IpGTyZHcMaTD6A:QVNSABmnhRMxhE/iaO4Z

Entry address:
0x1CB9

Entry point:
55, 8B, EC, 6A, FF, 68, 78, 4B, 40, 00, 68, EA, 2F, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 42, 40, 00, 59, 83, 0D, F4, 62, 40, 00, FF, 83, 0D, F8, 62, 40, 00, FF, FF, 15, 84, 42, 40, 00, 8B, 0D, E8, 62, 40, 00, 89, 08, FF, 15, 80, 42, 40, 00, 8B, 0D, E4, 62, 40, 00, 89, 08, A1, BC, 42, 40, 00, 8B, 00, A3, F0, 62, 40, 00, E8, E8, F2, FF, FF, 39, 1D, 00, 61, 40, 00, 75, 0C, 68, E6, 2F, 40, 00, 90, 15, 94, 42...
Entropy:
6.3018

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
12 KB (12,288 bytes)

The file watch_video_streaming.exe has been seen being distributed by the following URL.
