temp.bin

The file temp.bin has been detected as malware by 39 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
8d5a27a96d3514511fadabac980f422e

SHA-1:
592152c0bcd7d1be781349822a286c6591051604

SHA-256:
86b6b3429170f78da1e74640710477b52ff23f0c1477d4db70b4e328f4e23033

Scanner detections:
39 / 68

Status:
Malware

Analysis date:
5/2/2024 5:50:58 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1050456 | -40 |
| Agnitum Outpost | Backdoor.Androm | 7.1.1 |
| AhnLab V3 Security | Spyware/Win32.Zbot | 17.03.15 |
| Avira AntiVirus | TR/Crypt.ZPACK.80071 | 7.11.149.244 |
| avast! | Win32:Downloader-TPS [Trj] | 2014.9-170315 |
| AVG | SHeur4 | 2018.0.2438 |
| Baidu Antivirus | Worm.Win32.Dorkbot | 4.0.3.17315 |
| Bitdefender | Trojan.GenericKD.1050456 | 1.0.20.370 |
| Bkav FE | W32.AppdataOfomoaD.Trojan | 1.3.0.4959 |
| Clam AntiVirus | W32.Sality-27 | 0.98/213 |
| Comodo Security | TrojWare.Win32.Kryptik.BBJX | 18281 |
| Dr.Web | BackDoor.IRC.NgrBot.146 | 9.0.1.074 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1050456 | 8.17.03.15.02 |
| ESET NOD32 | Win32/Dorkbot | 11.9806 |
| Fortinet FortiGate | W32/Simda.NEX!tr | 3/15/2017 |
| F-Prot | W32/Trojan2.NXHX | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.1050456 | 11.2017-15-03_4 |
| G Data | Trojan.GenericKD.1050456 | 17.3.24 |
| IKARUS anti.virus | Trojan.Patched.Ren.Gen2 | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.177.12095 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1313 |
| Malwarebytes | Spyware.Zbot.ED | v2017.03.15.02 |
| McAfee | ObfuscatedABK!hb!8D5A27A96D35 | 5600.6094 |
| Microsoft Security Essentials | Worm:Win32/Dorkbot.I | 1.10502 |
| MicroWorld eScan | Trojan.GenericKD.1050456 | 18.0.0.222 |
| NANO AntiVirus | Trojan.Win32.ZPACK.bxpmay | 0.28.0.59911 |
| nProtect | Trojan.GenericKD.1050456 | 14.05.15.01 |
| Panda Antivirus | Generic Malware | 17.03.15.02 |
| Qihoo 360 Security | Win32/Trojan.b0a | 1.0.0.1015 |
| Rising Antivirus | PE:Worm.Dorkbot!6.B69 | 23.00.65.17313 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Zbot | 8534 |
| Total Defense | Win32/Dorkbot.JVRRZaB | 37.0.10939 |
| Trend Micro House Call | WORM_DORKBOT.ITA | 7.2.74 |
| Trend Micro | WORM_DORKBOT.ITA | 10.465.15 |
| Vba32 AntiVirus | SScope.Worm.Dorkbot.2113 | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Zbot.fdm | 29256 |
| ViRobot | Worm.Win32.Agent.114176 | 2011.4.7.4223 |
| Zillya! Antivirus | Backdoor.Androm.Win32.1337 | 2.0.0.1790 |

File size:
243.5 KB (249,344 bytes)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\temp.bin

File PE Metadata
Compilation timestamp:
3/14/2011 8:09:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
4.0

Entry address:
0x1153F

Entry point:
55, 8B, EC, 83, C4, C0, 89, 55, C4, 03, 35, 48, B8, 41, 00, 01, 35, 58, 56, 41, 00, 2B, 3D, 58, 56, 41, 00, 29, 3D, 80, 66, 41, 00, 23, 15, D0, 3C, 41, 00, 01, 15, 44, 55, 41, 00, 03, 35, 58, 56, 41, 00, 21, 35, 44, 60, 41, 00, 03, 3D, 14, 33, 41, 00, 29, 3D, E4, 61, 41, 00, 03, 15, 80, 66, 41, 00, 29, 15, 80, 66, 41, 00, 2B, 05, 58, 56, 41, 00, 21, 05, 44, 55, 41, 00, 81, FE, B1, 00, 00, 00, 75, 12, 23, 1D, 48, B8, 41, 00, 01, 1D, 44, 55, 41, 00, EB, 31, 2A, 8C, 62, B7, 83, 3D, 48, B8, 41, 00, 00, 76, 24...
 

Entropy:
7.8820

Developed / compiled with:
Microsoft Visual C++

Code size:
70.5 KB (72,192 bytes)
