» ybzysaem.exe
Overview
Analysis
File Details
Behaviors (1)

ybzysaem.exe

Ensiem Corporatu

The executable ybzysaem.exe, “Ensiem Visatl Studie 2020” has been detected as malware by 24 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

ybzysaem.exe

Publisher:

Ensiem Corporatu

Description:

Ensiem Visatl Studie 2020

Version:

8.32.23219.51816

MD5:

6293fd2b7fdd230f351a18ba3c2a6ac5

SHA-1:

097fcbd7c47621709930928ba0a92318feee5fa9

SHA-256:

4e5443b0459055b7cbecdca7355de23b9c43e3410713464c977098cfa4243416

Scanner detections:

24 / 68

Status:

Malware

Analysis date:

4/26/2024 7:33:38 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.12359539

6196279

Avira AntiVirus

TR/Crypt.ZPACK.Gen

7.11.196.212

AVG

Win32/Cryptor

2014.0.4189

Baidu Antivirus

Trojan.Win32.Kryptik

4.0.3.141221

Bitdefender

Trojan.Generic.12359539

1.0.20.1765

Comodo Security

UnclassifiedMalware

20415

Emsisoft Anti-Malware

Trojan.Generic.12359539

9.0.0.4668

ESET NOD32

Win32/Kryptik.CTHY trojan

7.0.302.0

Fortinet FortiGate

W32/Kryptik.CSQU!tr

12/19/2014

F-Secure

Trojan.Generic.12359539

5.13.68

G Data

Trojan.Generic.12359539

14.12.24

Kaspersky

Trojan-Spy.Win32.Zbot

15.0.0.543

Malwarebytes

Trojan.Zemot

v2014.12.19.09

McAfee

MysticCompressor!6293FD2B7FDD

5600.6912

Microsoft Security Essentials

PWS:Win32/Zbot

1.11302

MicroWorld eScan

Trojan.Generic.12359539

15.0.0.1059

Norman

Trojan.Generic.12359539

04.12.2014 14:30:06

nProtect

Trojan.Generic.12359539

14.12.19.01

Panda Antivirus

Trj/Genetic.gen

14.12.19.09

Qihoo 360 Security

Malware.QVM20.Gen

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

14.12.21.23

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_FORUCON.BME

7.2.355

Trend Micro

TROJ_FORUCON.BME

10.465.21

File size:

494.1 KB (505,924 bytes)

Product version:

8.32.23219.51816

Original file name:

baesh.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\windows\syswow64\ybzysaem.exe

File PE Metadata

Compilation timestamp:

2/12/2010 3:52:14 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:jag8wNRWn0ixPj/dnhACkV3/szZu2iekepwjBIcz:jGBDdaVhU0

Entry address:

0x4A3C

Entry point:

55, 8B, EC, 81, EC, 20, 01, 00, 00, B9, 00, 00, 00, 00, 89, 4D, C4, 53, 8B, 45, C4, 89, 85, EC, FE, FF, FF, 56, 8B, 4D, C4, 33, C8, 89, 4D, C8, 57, 8B, C8, 3D, 20, 88, 00, 00, 74, 1F, 8B, B5, EC, FE, FF, FF, 83, C6, 2A, 3B, F0, 75, 12, 8B, 1D, 04, E0, 40, 00, 83, C1, E6, 89, 75, C8, 89, 5D, C4, 89, 4D, C4, 83, F1, AD, 89, 8D, 44, FF, FF, FF, 68, 04, E0, 40, 00, FF, 15, 04, 81, 40, 00, 3B, 05, A0, E0, 40, 00, 74, 05, 2B, DE, 89, 5D, 90, 89, 85, 04, FF, FF, FF, 3B, 05, 04, E0, 40, 00, 74, 5C, 35, 00, B4, 48... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

27.5 KB (28,160 bytes)

Scheduled Task

Task name:

Security Center Update - 1647015295

Trigger:

Daily (Runs daily at 16:00)

Description:

Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin

Remove ybzysaem.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.