windows-7-x86x64-ultimate-uralsoft-v_2_1_14-2014-torrent.exe

VIST

The application windows-7-x86x64-ultimate-uralsoft-v_2_1_14-2014-torrent.exe by VIST has been detected as a potentially unwanted program by 30 anti-malware scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
VIST  (signed and verified)

MD5:
832487b92204417529e7aa6a82ae4fb6

SHA-1:
f469105b4238a12c5fcda5bf9ae26fe8d44eb25d

SHA-256:
21f564ff720045f34d997da49855480df3a7f9837ef5b0a08959b7c4f52d9e3e

Scanner detections:
30 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 7:59:06 PM UTC  (today)

Scan engine                    Detection                                  Engine version
Lavasoft Ad-Aware              Gen:Variant.Application.LoadMoney.64       868
AhnLab V3 Security             PUP/Win32.LoadMoney                        2014.09.20
Avira AntiVirus                APPL/LoadMoney.qoid                        7.11.173.116
avast!                         Win32:LoadMoney-EQ [PUP]                   140908-2
AVG                            Win32/Cryptor                              2014.0.4015
Bitdefender                    Gen:Variant.Application.LoadMoney.64       1.0.20.1310
Comodo Security                TrojWare.Win32.Kryptik.BAJ                 19557
Dr.Web                         Trojan.LoadMoney.15                        9.0.1.05190
Emsisoft Anti-Malware          Gen:Variant.Application.LoadMoney.64       14.09.18
ESET NOD32                     Win32/Kryptik.BUXO trojan                  7.0.302.0
Fortinet FortiGate             W32/LdMon.E!tr                             9/19/2014
F-Prot                         W32/LoadMoney.W2.gen                       v6.4.7.1.166
F-Secure                       Gen:Variant.Application.LoadMoney          11.2014-19-09_6
G Data                         Gen:Variant.Application.LoadMoney.64       14.9.24
IKARUS anti.virus              Win32.SuspectCrc                           t3scan.1.7.8.0
K7 AntiVirus                   Trojan                                     13.183.13432
Kaspersky                      not-a-virus:HEUR:Downloader.Win32.LMN      15.0.0.494
Malwarebytes                   PUP.Optional.LoadMoney                     v2014.09.19.06
McAfee                         PUP-FNB                                    5600.7002
Microsoft Security Essentials  Threat.Undefined                           1.185.233.0
MicroWorld eScan               Gen:Variant.Application.LoadMoney.64       15.0.0.786
NANO AntiVirus                 Trojan.Win32.LoadMoney.ctlnfq              0.28.2.62151
Norman                         LoadMoney.DGWZ                             11.20140919
nProtect                       Trojan/W32.Agent.147328                    14.09.19.01
Panda Antivirus                Trj/Genetic.gen                            14.09.19.06
Quick Heal                     Trojan.Sisproc.A6                          9.14.14.00
Rising Antivirus               PE:Malware.XPACK-HIE/Heur!1.9C48           23.00.65.14917
Sophos                         Troj/LdMon-E                               4.98
Vba32 AntiVirus                BScope.TrojanPSW.Zbot.2717                 3.12.26.3
VIPRE Antivirus                Threat.4657539                             32938

File size:
143.9 KB (147,328 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows-7-x86x64-ultimate-uralsoft-v_2_1_14-2014-torrent.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/20/2014 6:00:00 AM

Valid to:
1/21/2015 5:59:59 AM

Subject:
CN=VIST, O=VIST, STREET="Chistova, 6A", L=Moscow, S=Moscowskaya oblast, PostalCode=109390, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
204E717AF42FC1AC4E22F179E6AF42F3

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:LbhjVl573CwN/afxIzeviPKVdl8Q0QdKRBTHmtW5cgso1DWMUjOpx:fp/EiPKDl8SoEOpx

Entry address:
0x1000

Entry point:
33, C0, 50, E9, 00, 99, 01, 00, 43, 8D, 40, 00, FF, 25, 24, F0, 41, 00, B8, 08, 10, 40, 00, C3, 55, 8B, EC, 81, C4, F8, FA, FF, FF, C7, 45, FC, 72, CE, 01, 00, 8B, 45, FC, 50, E8, E3, 06, 00, 00, 85, C0, 75, 2E, 40, 80, 3D, 32, F0, 41, 00, 00, 7D, 0A, 89, 3D, EB, F0, 41, 00, 89, 5C, 24, FC, C7, 05, 45, F0, 41, 00, 61, 3A, 01, 00, 89, 0D, 17, F0, 41, 00, C7, 05, BB, F0, 41, 00, FA, 49, 01, 00, E8, 5C, 98, 01, 00, C6, 45, B3, 00, 8D, 85, C1, FE, FF, FF, 50, E8, A4, 06, 00, 00, 89, 15, 20, F0, 41, 00, 89, 05...

Code size:
103 KB (105,472 bytes)