just cause 2 - copy.exe

Project1

The executable just cause 2 - copy.exe has been detected as malware by 35 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PROGRAM’. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Product:
Project1

Version:
1.00

MD5:
716797a5e88e33af4114abdca23c0b86

SHA-1:
1cccf6dc5fa44d6bda94c0f652a79782e37673a3

SHA-256:
125e94387d1876fd963ba2a7612cffb121a3674507b60c05988698dcd2910987

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
5/2/2024 9:27:52 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Worm.VB.VLL | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Patched.AE | 2013.02.25 |
| Avira AntiVirus | TR/Patched.ZB | 7.11.62.142 |
| avast! | Win32:Zbodo | 2014.9-170315 |
| AVG | Win32/Dlder.D | 2018.0.2439 |
| Bitdefender | Worm.Generic.25124 | 1.0.20.370 |
| Clam AntiVirus | Worm.VB-904 | 0.98/18155 |
| Comodo Security | TrojWare.Win32.Patched.O | 15359 |
| Dr.Web | Win32.HLLW.Brontok | 9.0.1.074 |
| Emsisoft Anti-Malware | Worm.Generic.25124 | 8.17.03.15.04 |
| ESET NOD32 | Win32/TrojanDownloader.Small.OUC | 11.8045 |
| Fortinet FortiGate | W32/Genome.ABYW!tr.dldr | 3/15/2017 |
| F-Prot | W32/Zbot.T.gen | v6.4.6.5.141 |
| F-Secure | Worm.Generic.25124 | 11.2017-15-03_4 |
| G Data | Worm.Generic.25124 | 17.3.22 |
| IKARUS anti.virus | Worm.Win32.VB | t3scan.2.0.0.0 |
| K7 AntiVirus | Trojan | 13.160.8248 |
| Kaspersky | Trojan.Win32.ZbotPatched | 14.0.0.-1311 |
| McAfee | W32/Zbot.gen.a | 5600.6095 |
| Microsoft Security Essentials | Virus:Win32/Zbot.A | 1.163.1557.0 |
| MicroWorld eScan | Worm.Generic.25124 | 18.0.0.222 |
| NANO AntiVirus | Virus.Win32.Dlder.lbyd | 0.22.8.50637 |
| Norman | ZBot.gen21 | 11.20170315 |
| nProtect | Worm.Generic.25124 | 13.02.24.01 |
| Panda Antivirus | W32/Patched.L | 17.03.15.04 |
| Quick Heal | Trojan.Patched.AM | 3.17.12.00 |
| Rising Antivirus | Trojan.DL.Win32.Rugo.c | 23.00.65.17313 |
| Sophos | Troj/Zbot-NY | 4.86 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FakeAlert[Windows] | 8535 |
| Total Defense | Win32/SillyDl.SBW | 37.0.10307 |
| Trend Micro House Call | PE_ZBOT.A | 7.2.74 |
| Trend Micro | PE_ZBOT.A | 10.465.15 |
| Vba32 AntiVirus | Trojan.VBRA.08344 | 3.12.20.2 |
| VIPRE Antivirus | Virus.Win32.Zbot.a | 15718 |
| ViRobot | Win32.PatchedZBot.A | 2011.4.7.4223 |

File size:
1.4 MB (1,417,216 bytes)

Product version:
1.00

Original file name:
SHURIKEN 3.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
12/31/1999 10:49:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x22A4C

Entry point:
53, 56, 57, 55, FC, 64, 8B, 15, 30, 00, 00, 00, 8B, 52, 0C, 8B, 52, 14, 8B, 72, 28, 6A, 18, 59, 31, FF, 31, C0, AC, 3C, 61, 7C, 02, 2C, 20, C1, CF, 0D, 01, C7, E2, F0, 81, FF, 5B, BC, 4A, 6A, 8B, 6A, 10, 8B, 12, 75, DB, E8, 21, 00, 00, 00, 0D, 73, 68, 6C, 77, 61, 70, 69, 2E, 64, 6C, 6C, 00, 13, 53, 4F, 46, 54, 57, 41, 52, 45, 5C, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 00, BF, 8E, 4E, 0E, EC, E8, 4C, 01, 00, 00, 8B, 14, 24, 42, 52, FF, D0, 55, 89, C5, BF, 46, 7C, E8, 2D, E8, 38, 01, 00, 00, 5D, E8, 24, 01, 00...
 

Entropy:
1.2159

Code size:
136 KB (139,264 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PROGRAM

Command:
C:\windows\windows.exe

