tempfiles.exe

The executable tempfiles.exe has been detected as malware by 38 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
ce20c9da5bfd4aaf479a14fb3328fb61

SHA-1:
bec30f884fa29c746889e7970218ace4def9ff80

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
5/2/2024 6:23:21 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Graftor.33147 | -39
Agnitum Outpost | Trojan.DL.Karagany | 7.1.1
AhnLab V3 Security | Spyware/Win32.Zbot | 2016.01.22
Avira AntiVirus | TR/Dropper.Gen2 | 8.3.2.4
Arcabit | Trojan.Graftor.D817B | 1.0.0.646
avast! | Win32:Injector-AQB [Trj] | 2014.9-170315
AVG | Dropper.Generic6 | 2018.0.2439
Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.17315
Bitdefender | Gen:Variant.Graftor.33147 | 1.0.20.370
Clam AntiVirus | Win.Trojan.Agent-540650 | 0.98/21511
Comodo Security | TrojWare.Win32.Spy.Zbot.SD | 23998
Dr.Web | Trojan.DownLoader6.7707 | 9.0.1.074
Emsisoft Anti-Malware | Gen:Variant.Graftor.33147 | 8.17.03.15.02
ESET NOD32 | Win32/TrojanDownloader.Vespula.AY (variant) | 11.12907
Fortinet FortiGate | W32/Zbot.ZY!tr | 3/15/2017
F-Secure | Gen:Variant.Graftor.33147 | 11.2017-15-03_4
G Data | Gen:Variant.Graftor.33147 | 17.3.25
IKARUS anti.virus | Trojan.Win32.Ransom | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.212.18499
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1311
Malwarebytes | Trojan.Agent.H | v2017.03.15.02
McAfee | PWS-Zbot.gen.zy | 5600.6095
Microsoft Security Essentials | TrojanDownloader:Win32/Karagany.I | 1.1.12400.0
MicroWorld eScan | Gen:Variant.Graftor.33147 | 18.0.0.222
NANO AntiVirus | Trojan.Win32.DownLoader6.rkgrm | 1.0.14.5380
nProtect | Trojan/W32.Small.30720.QP | 16.01.21.01
Panda Antivirus | Generic Malware | 17.03.15.02
Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1077
Quick Heal | Trojan.Obfuscator.DV | 3.17.14.00
Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.17313
Sophos | Troj/Karagan-M | 4.98
Total Defense | Win32/Zbot.FSN | 37.1.62.1
Trend Micro House Call | TROJ_RANSOM.SM1 | 7.2.74
Trend Micro | TROJ_RANSOM.SM1 | 10.465.15
Vba32 AntiVirus | BScope.Trojan.NgrBot.3130A | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Zbot.zy | 46668
ViRobot | Trojan.Win32.A.Downloader.30720.HR[h] | 2014.3.20.0
Zillya! Antivirus | Downloader.Karagany.Win32.172 | 2.0.0.2625

File size:
30 KB (30,720 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\tempfiles.exe

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x734C

Entry point:
55, 8B, EC, 83, C4, E8, 53, 56, 57, 33, C0, 89, 45, E8, 89, 45, EC, B8, 0C, 73, 40, 00, E8, 29, C7, FF, FF, BF, 9C, 96, 40, 00, 33, C0, 55, 68, 58, 74, 40, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, E8, 5E, C9, FF, FF, 8B, 55, EC, B8, 90, 96, 40, 00, 33, C9, E8, BB, C0, FF, FF, C6, 07, 54, EB, 23, B8, 07, 00, 00, 00, 31, F6, EB, 09, C3, EB, 17, EB, 15, 88, 0F, EB, 11, 88, 0F, EB, 0D, EB, 0B, EB, 09, B8, 07, 00, 00, 00, 31, F6, EB, EB, 8D, 45, E8, E8, 37, F8, FF, FF, 8B, 55, E8, B8, 94, 96, 40, 00, E8, 7A, BF...

Entropy:
6.3492

Developed / compiled with:
Microsoft Visual C++

Code size:
25.5 KB (26,112 bytes)

Remove tempfiles.exe - Powered by Reason Core Security