win32.exe

ruueueu

The executable win32.exe has been detected as malware by 14 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Product:
ruueueu

Version:
1.0.0.0

MD5:
dc99d65b3e19f339612cdcd87c6998af

SHA-1:
b1f908556d7d1497d9677fe1bf46bac01dd8881a

SHA-256:
276111b4ea4d4ccb3ec0f8aebf7ddef93049c447c30b44a30921f3d002963981

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
4/26/2024 3:26:37 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Strictor.54217 | 1018 |
| avast! | Win32:Malware-gen | 2014.9-140423 |
| AVG | MSIL2 | 2015.0.3496 |
| Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.14423 |
| Bitdefender | Gen:Variant.Strictor.54217 | 1.0.20.565 |
| Dr.Web | Tool.MailPassView.302 | 9.0.1.0113 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.54217 | 8.14.04.23.02 |
| ESET NOD32 | MSIL/Injector.DHI (variant) | 8.9645 |
| F-Secure | Gen:Variant.Strictor.54217 | 11.2014-23-04_4 |
| G Data | Gen:Variant.Strictor.54217 | 14.4.24 |
| Kaspersky | Trojan.Win32.Inject | 14.0.0.3975 |
| Malwarebytes | Trojan.Zbot.RV | v2014.04.23.02 |
| MicroWorld eScan | Gen:Variant.Strictor.54217 | 15.0.0.339 |
| Qihoo 360 Security | Win32/Trojan.58a | 1.0.0.1015 |

File size:
508 KB (520,192 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
ruueueu.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\windows services\win32.exe

File PE Metadata
Compilation timestamp:
4/3/2014 10:47:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:aO1GbHesdoZMLVLBexahnjy0jvHY30OOOC6vc/:aVVoZMLVLcxknjyIYEOOOC6vc

Entry address:
0x530BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
324.5 KB (332,288 bytes)