zikir.exe

The executable zikir.exe has been detected as malware by 36 anti-virus scanners. While running, it connects to the Internet address ir2.fp.vip.bf1.yahoo.com on port 80 using the HTTP protocol.
MD5: eccd539300afab661b6250a21598933d

SHA-1: cd8f66ab41d2603876055dba9b239e59297302eb

Scanner detections: 36 / 68

Status: Malware

Analysis date: 4/26/2024 10:23:27 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.1725344 | 874
Agnitum Outpost | Trojan.Autoit | 7.1.1
AhnLab V3 Security | Win32/Autoit.worm.617343 | 2014.09.09
Avira AntiVirus | TR/Autoit.CI.14 | 7.11.171.88
avast! | Win32:AutoIt-CI [Trj] | 2014.9-140914
AVG | Autoit | 2015.0.3352
Baidu Antivirus | Trojan.Win32.FakeFolder | 4.0.3.14914
Bitdefender | Trojan.Generic.1725344 | 1.0.20.1285
Clam AntiVirus | Trojan.Siggen-7 | 0.98/21411
Dr.Web | Trojan.Click1.37970 | 9.0.1.0257
Emsisoft Anti-Malware | Trojan.Generic.1725344 | 8.14.09.14.01
ESET NOD32 | Win32/Autoit.DB | 8.10386
Fortinet FortiGate | W32/Autorun.HNW!tr | 9/14/2014
F-Prot | W32/Trojan2.DFYJ | v6.4.7.1.166
G Data | Trojan.Generic.1725344 | 14.9.24
IKARUS anti.virus | Worm.Win32.AutoRun | t3scan.1.7.5.0
K7 AntiVirus | Password-Stealer | 13.183.13305
Kaspersky | Worm.Win32.AutoRun | 14.0.0.3255
Malwarebytes | Trojan.FakeFolder | v2014.09.14.01
McAfee | W32/YahLover.worm | 5600.7008
Microsoft Security Essentials | Worm:Win32/Nuqel.AE | 1.10904
MicroWorld eScan | Trojan.Generic.1725344 | 15.0.0.771
NANO AntiVirus | Trojan.Win32.AutoRun.hcfwq | 0.28.2.61942
Norman | Sohanad.gen6 | 11.20140914
Panda Antivirus | W32/Sohanat.FO.worm | 14.09.14.01
Qihoo 360 Security | Worm.Win32.FakeFolder.BV | 1.0.0.1015
Quick Heal | Worm.AutoRun.A10 | 9.14.14.00
Rising Antivirus | PE:Worm.Win32.Agent.avb!1509112 | 23.00.65.14912
Sophos | W32/AutoRun-BUC | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-AutoIt | 10361
Total Defense | Win32/Armax.G | 37.0.11170
Trend Micro House Call | WORM_DELF.FKZ | 7.2.257
Trend Micro | WORM_DELF.FKZ | 10.465.14
Vba32 AntiVirus | Trojan-Downloader.Autoit.gen | 3.12.26.3
VIPRE Antivirus | Worm.Win32.Nuqel.z | 32936
Zillya! Antivirus | Worm.Sohanad.Win32.1008 | 2.0.0.1915

File size: 1 MB (1,058,111 bytes)

File type: Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp: 11/25/2007 5:21:46 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 8.0

CTPH (ssdeep): 24576:EDsj1dEcBcFJ5ULLvly9VVTu94lNhbB0F8VBBPaH/YsVr:EDe1WcM5ULpy9VAqNVqiJyHBr

Entry address: 0xA5001

Entry point (first bytes): 60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 50, 0A, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...

Entropy: 7.8076

Packer / compiler: ASPack v2.12

Code size: 404.5 KB (414,208 bytes)

While executing, the file has been observed making the following network connections in live environments.

TCP (HTTP): Connects to ir1.fp.vip.ne1.yahoo.com (98.138.253.109:80)

TCP (HTTP): Connects to ir2.fp.vip.bf1.yahoo.com (98.139.183.24:80)

TCP (HTTP): Connects to ir2.fp.vip.sg3.yahoo.com (106.10.138.240:80)
