zzu.exe

The executable zzu.exe has been detected as malware by 27 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

MD5:
fe76d5c6c1caba2b6f3603e40e1d4053

SHA-1:
001d314d989e62050d05f6bb8f852d16a78ec3f1

SHA-256:
6dea507cb012ac602903970f9fc112dd4e9a097293b95adc1316db693e231436

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/18/2024 8:36:13 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1644820 | 1018 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| Avira AntiVirus | TR/Crypt.EPACK.9498 | 7.11.144.160 |
| avast! | Win32:Malware-gen | 2014.9-140423 |
| AVG | Zbot | 2015.0.3496 |
| Baidu Antivirus | Trojan.Win32.Zbot | 4.0.3.14423 |
| Bitdefender | Trojan.GenericKD.1644820 | 1.0.20.565 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1644820 | 8.14.04.23.03 |
| ESET NOD32 | Win32/Spy.Zbot.YW | 8.9704 |
| Fortinet FortiGate | W32/Zbot.SDXE!tr | 4/23/2014 |
| F-Secure | Trojan.GenericKD.1644820 | 11.2014-23-04_4 |
| G Data | Trojan.GenericKD.1644820 | 14.4.24 |
| IKARUS anti.virus | Trojan-PWS.Win32.Zbot | t3scan.1.6.1.0 |
| K7 AntiVirus | Spyware | 13.176.11833 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.3974 |
| Malwarebytes | Trojan.Zbot.BME | v2014.04.23.03 |
| McAfee | Artemis!FE76D5C6C1CA | 5600.7152 |
| Microsoft Security Essentials | PWS:Win32/Zbot | 1.10502 |
| MicroWorld eScan | Trojan.GenericKD.1644820 | 15.0.0.339 |
| NANO AntiVirus | Trojan.Win32.Zbot.cwjtcj | 0.28.0.59492 |
| Norman | Troj_Generic.TOEAP | 11.20140423 |
| nProtect | Trojan.GenericKD.1644820 | 14.04.21.01 |
| Panda Antivirus | Generic Malware | 14.04.23.03 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0DDK14 | 7.2.113 |
| Trend Micro | TROJ_GEN.R0CBC0DDK14 | 10.465.23 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28468 |

File size:
265.5 KB (271,872 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/15/2005 11:03:55 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
1.64

CTPH (ssdeep):
3072:CWpWxRhEDDZL2cK1aJ/YR7SK1jXAafVHd8sVUUd:CPw4cSapw7ZbHd8sVUUd

Entry address:
0x1000

Entry point:
68, AC, 10, 46, 00, FF, 15, 1A, 94, 47, 00, 8B, 0D, C8, 12, 46, 00, 81, F9, 7C, 0A, 1B, 80, 74, 50, C7, 05, 24, 1E, 46, 00, 21, C2, 00, 00, FF, 05, 50, 11, 46, 00, 8B, 15, 3C, 11, 46, 00, 83, C0, 8C, C6, 05, 10, 13, 46, 00, 05, C7, 05, E0, 1E, 46, 00, 09, 18, 00, 00, 8D, 5A, F9, 83, FB, DF, 74, 06, 83, EB, 27, 83, C3, 19, 74, 06, 89, 0D, 10, 17, 46, 00, 89, 15, D0, 16, 46, 00, 83, C3, 53, 8B, 35, 5C, 17, 46, 00, 42, 6A, 6C, 59, 68, 05, 21, 00, 00, FF, 15, 1E, 94, 47, 00, A1, 80, 13, 46, 00, 85, DB, 75, 0E...
 
Entropy:
5.9685

Code size:
211.5 KB (216,576 bytes)
