z5rfh.exe

The executable z5rfh.exe has been detected as malware by 10 anti-virus scanners. The file has been seen being downloaded from www.rou3a.com.
Publisher:
WwW.7BE.CoM

Product:
7BE.CoM

Version:
1.00

MD5:
a357a8793111a51130390b2d840d298d

SHA-1:
c2fe95f6333e215f58a28cbf807bca7cff39ac63

SHA-256:
cb7332f82dca6e803d2a6c16e2151f0a206ad434043358f953617be9cf5365cd

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
5/2/2024 12:51:15 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11874508 | 446 |
| Bitdefender | Trojan.Generic.11874508 | 1.0.20.1600 |
| Dr.Web | Trojan.Siggen3.45352 | 9.0.1.0320 |
| Emsisoft Anti-Malware | Trojan.Generic.11874508 | 8.15.11.16.07 |
| F-Secure | Trojan.Generic.11874508 | 11.2015-16-11_2 |
| G Data | Trojan.Generic.11874508 | 15.11.25 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.9.2.0 |
| McAfee | Artemis!A357A8793111 | 5600.6580 |
| MicroWorld eScan | Trojan.Generic.11874508 | 16.0.0.960 |
| nProtect | Trojan.Generic.11874508 | 15.05.27.01 |

File size:
304 KB (311,296 bytes)

Product version:
1.00

Original file name:
z5rf with EnTaHiNa.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\z5rfh.exe

File PE Metadata
Compilation timestamp:
1/8/2007 9:16:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:b5N9Y/G0RW/YR2YHeniVXRGcpo+iIG0RW/YR2YHeniVXRGcpo5:bu/dReYR2Y1Xpo+DdReYR2Y1Xpo

Entry address:
0x2C60

Entry point:
68, E4, A1, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, CE, B0, 25, 6C, B3, 38, 47, 4E, BC, 11, 57, B6, CD, 67, 0B, 95, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 1A, 7A, 60, 46, 1A, A7, 78, BC, 49, B5, CF, 22, C0, ED, 43, DA, 24, 3F, 6F, B9, 0F, 44, 98, 58, 4C, 87, AB, 3E, 91, A4, 27, 2A, 81, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Entropy:
5.1363

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
200 KB (204,800 bytes)

The file z5rfh.exe has been seen being distributed by the following URL.