sdra64.exe

The executable sdra64.exe has been detected as malware by 15 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5: f3a037cd10b16680acd846c10cd2ae83
SHA-1: 46d2231701056f0a355da38111b782f67744d9a7
Scanner detections: 15 / 68
Status: Malware
Analysis date: 4/29/2024 1:24:25 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 8.2.1.196 |
| Emsisoft A-Squared | Trojan-Spy.Win32.Zbot!IK | 4.5.0.50 |
| avast! | Win32:Spyware-gen | 2014.9-170314 |
| AVG | Pakes | 2018.0.2439 |
| Comodo Security | TrojWare.Win32.TrojanSpy.Zbot.Gen | 4333 |
| Dr.Web | Trojan.Packed.788 | 9.0.1.073 |
| ESET NOD32 | Win32/Kryptik.CPF (variant) | 11.4961 |
| Fortinet FortiGate | W32/Zbot!tr | 3/14/2017 |
| G Data | Win32:Spyware-gen | 17.3.19 |
| IKARUS anti.virus | Trojan-Spy.Win32.Zbot | t3scan.1.1.80.0 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.-1310 |
| McAfee | Generic PWS.y!ccz | 5600.6095 |
| Panda Antivirus | Suspicious file | 17.03.14.10 |
| Prevx | Medium Risk Malware | 3.0 |
| Trend Micro | TROJ_KRAP.SMDA | 10.465.14 |

File size: 130.5 KB (133,632 bytes)
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\Windows\System32\sdra64.exe

File PE Metadata
Compilation timestamp: 1/10/2008 11:31:29 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
Entry address: 0x13682

Entry point:
EB, 36, 89, E0, BB, BF, 00, 00, 00, 53, 50, 50, FF, 15, 64, 85, 41, 00, 93, 31, C9, E8, 2E, 00, 00, 00, 31, FF, 51, 6A, 00, FF, 15, 14, 80, 41, 00, 39, F8, 74, 08, B8, 0B, 00, 00, 00, 59, FF, E1, 50, 39, C2, 75, 3D, 74, E2, BB, 00, 00, 00, 00, E8, D8, FF, FF, FF, 39, D8, 75, BC, 74, E9, 83, F9, FF, 74, CD, 51, 6A, 40, 68, 00, 30, 00, 00, 68, 5C, 87, 01, 00, 6A, 00, FF, 15, 48, 84, 41, 00, 59, 50, 51, E8, 6E, 00, 00, 00, BA, FF, 2C, 13, 2F, 00, DA, 31, ED, 51, 8B, 0E, 01, D1, 8B, 44, 24, 04, 3D, 6E, 40, 00...
 
Code size: 91 KB (93,184 bytes)
