home

windows 8 pro final activator.exe

The executable windows 8 pro final activator.exe has been detected as malware by 15 anti-virus scanners. This is a setup program which is used to install the application. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from serv41.f2h.co.il and multiple other hosts.
MD5:
1f9ba56272b238e1e8e8304a3d19546f

SHA-1:
a65bde98634ae32090cdc960ff5dda6d93aeb295

SHA-256:
cd9882d8c94d9dca72f18de7f4d4f57b0355d9e09d68cfd142ffc19f6152c191

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
4/26/2024 11:47:59 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.Cloddcf.Trojan
1.3.0.4613

Dr.Web
Trojan.DownLoader8.62080
9.0.1.0356

ESET NOD32
Win32/HackTool.WinActivator
7.9256

Malwarebytes
Trojan.Dropper.SFX
v2013.12.22.03

McAfee
Artemis!1F9BA56272B2
5600.7274

MicroWorld eScan
TR/Agent.VB.3208
14.0.0.1068

Norman
Suspicious_Gen4.BVSLQ
11.20131222

Panda Antivirus
Trj/Agent.MIZ
13.12.22.03

Reason Heuristics
Unnamed.Threat.32
14.3.2.17

Rising Antivirus
PE:Trojan.Win32.Generic.148FDD27!344972583
23.00.65.131220

Sophos
Troj/Crack-AP
4.96

Trend Micro House Call
HKTL_ACTVATR
7.2.356

Trend Micro
HKTL_ACTVATR
10.465.22

VIPRE Antivirus
Trojan.Win32.Generic.pak!cobra
25142

ViRobot
Trojan.Win32.A.Zbot.2494473
2011.4.7.4223

File size:
2.4 MB (2,494,473 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\diendanbaclieu.net_kichhoatwin8\windows 8 pro final activator.exe

File PE Metadata
Compilation timestamp:
3/15/2010 1:27:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:juXDYihrKIM5yXUU9FEzzmCSBqv9cziiyvuxz3nFtrr04kkMpRD2IcMLtrERE17t:juki5ZbUsEH1vcDJFtrqpp2yyl4T

Entry address:
0xA7B1

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, BE, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, D0, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, AF, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 22, 41, 00, 8D, 45, E4...
 
[+]

Entropy:
7.9622  (probably packed)

Code size:
66 KB (67,584 bytes)

The file windows 8 pro final activator.exe has been seen being distributed by the following 27 URLs.

http://serv41.f2h.co.il/.../8l5rsm3hbm80|6d383864fada9810b59dd89068a2ed43

https://hbxd3g.bn1302.livefilestore.com/.../P8_v25.exe

temp:loader.exe

http://serv41.f2h.co.il/.../8l5rsm3hbm80|e00b6b0fe68778b08fdd028efc1e9f7c|.exe

temp:Personalisation FIX.exe

https://doc-0g-1c-docs.googleusercontent.com/docs/securesc/pgsj1rfm6mv85vacb427tumf3nacca31/e7hr80mppvh2gc1q4b7leveffdbh8bod/1445644800000/.../10681091077490830753/0B9Pv45O8PbPWWWo3czNqSENFS1E?e=download

http://f2h.nana10.co.il/.../8l5rsm3hbm80|20c64534ec280a5f6f905c18e893512d|.exe

http://serv41.f2h.co.il/.../8l5rsm3hbm80|28c6a35456a4f79263204d2dd27d156f

http://inda10.indamail.hu/.../x-msdownload&mb=ilda91@indamail.hu&vip=ch6825de8ee25r6ifnqrtrfh53

http://serv41.f2h.co.il/.../8l5rsm3hbm80|dac352855d9d86a5072b0811db14bf06

temp:Windows 8 Pro Final Activator.exe

http://download1257.mediafire.com/tveqgzp618fg/.../Win8crack.exe

http://download1412.mediafire.com/rxfxc70qr6wg/.../P8_v25.exe

http://download956.mediafire.com/2asp3pgk56yg/.../P8_v25.exe

temp:Windows 8 Loader.exe

https://siratulmustaqim.googlecode.com/.../P8_v25.exe

https://s3.amazonaws.com/pushbullet-uploads/.../P8_v25.exe

https://doc-08-48-docs.googleusercontent.com/docs/securesc/6uijlgc4lqg4g060qvmbno1rff619caq/06iecnb9k4mpa00jt9j6sgdqt64cjlf2/1412402400000/.../01821188425395756904/0B4gaWv0PicJWZXFfMEZIaGhqRkU?e=download&h=16653014193614665626&nonce=j4g3tut3m8q6c&user=01821188425395756904&hash=2g0v4mi652cvtiqaa5kpo3ofstoqvh99

https://docs.google.com/nonceSigner?nonce=j4g3tut3m8q6c&continue=https://doc-08-48-docs.googleusercontent.com/docs/securesc/6uijlgc4lqg4g060qvmbno1rff619caq/06iecnb9k4mpa00jt9j6sgdqt64cjlf2/1412402400000/.../01821188425395756904/0B4gaWv0PicJWZXFfMEZIaGhqRkU?e=download&h=16653014193614665626&hash=lj5h64cb13b3e7igul6f6q8834gg6pno

https://doc-08-48-docs.googleusercontent.com/docs/securesc/6uijlgc4lqg4g060qvmbno1rff619caq/06iecnb9k4mpa00jt9j6sgdqt64cjlf2/1412402400000/.../01821188425395756904/0B4gaWv0PicJWZXFfMEZIaGhqRkU?h=16653014193614665626&e=download

https://drive.google.com/uc?export=download&confirm=LOHf&id=0B4gaWv0PicJWZXFfMEZIaGhqRkU

https://dl.dropbox.com/s/.../P8_v25.exe

http://dc689.4shared.com/download/.../P8_v25.exe

https://doc-0k-9o-docsviewer.googleusercontent.com/viewer/securedownload/ehto6arcpp9e0h1hocd2tdiru0h2uldb/jlgejjeonbgsm2lgocmpj4r0g3mpfeh5/1397842200000/ZXhwbG9yZXI=/.../MEI0azFvejdwNDBGU1Z6a3RiakJUTWs1MFUxVQ==?sec=AHSqidaTaGcado031BOpycK7-DPgHRcWBQBFTlYBO7vr0DTYBAMCEDCm9Jz8GU1byyd0K2GDjGmN&a=dl&filename=Win8Pro.rar&rel=rar;r2;Windows 8 Pro Final Activator.exe&nonce=6vodipntniol8&user=AGZ5hq98Bno4g-cxftwBuUbuny0R&hash=bk0901ekul99kpjfeiufhqfur1e1ief1

https://docs.google.com/viewer/noncesigner?nonce=6vodipntniol8&continue=https://doc-0k-9o-docsviewer.googleusercontent.com/viewer/securedownload/ehto6arcpp9e0h1hocd2tdiru0h2uldb/jlgejjeonbgsm2lgocmpj4r0g3mpfeh5/1397842200000/ZXhwbG9yZXI=/.../MEI0azFvejdwNDBGU1Z6a3RiakJUTWs1MFUxVQ==?sec=AHSqidaTaGcado031BOpycK7-DPgHRcWBQBFTlYBO7vr0DTYBAMCEDCm9Jz8GU1byyd0K2GDjGmN&a=dl&filename=Win8Pro.rar&rel=rar;r2;Windows 8 Pro Final Activator.exe&hash=7od6q585gitvv687gku204rorq6hsl6v

https://doc-0k-9o-docsviewer.googleusercontent.com/viewer/securedownload/ehto6arcpp9e0h1hocd2tdiru0h2uldb/jlgejjeonbgsm2lgocmpj4r0g3mpfeh5/1397842200000/ZXhwbG9yZXI=/.../MEI0azFvejdwNDBGU1Z6a3RiakJUTWs1MFUxVQ==?a=dl&filename=Win8Pro.rar&sec=AHSqidaTaGcado031BOpycK7-DPgHRcWBQBFTlYBO7vr0DTYBAMCEDCm9Jz8GU1byyd0K2GDjGmN&rel=rar;r2;Windows 8 Pro Final Activator.exe

https://dl.dropboxusercontent.com/u/.../site/selo Tmasters/P8_v25.exe

Remove windows 8 pro final activator.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.