zueenif.exe

cGIYpIhSF

The executable zueenif.exe has been detected as malware by 6 of 68 anti-virus scanners. It is configured to start automatically whenever a user logs into Windows, via the current-user Run registry key, under the value name ‘zueenif’.
Product:
cGIYpIhSF

Version:
1.00

MD5:
1052fec96dca37fd6cc168d2804f617b

SHA-1:
adab91c6449fff101985604b4bbdb44c6c4302ca

SHA-256:
c5f3ff1ffde65a719dc671d4157c51ccd581b369cb1dc234746f2dec5b1f8ac6

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
5/6/2024 2:10:32 AM UTC

Scan engine                        Detection                     Engine version
Clam AntiVirus                     Win.Trojan.Otran-5            0.98/23207
Dr.Web                             Trojan.VbCrypt.77             9.0.1.05190
ESET NOD32                         Win32/AutoRun.VB.ANJ worm     6.3.12010.0
F-Prot                             W32/Vobfus.Z.gen              4.6.5.141
Kaspersky                          Worm.Win32.WBNA               15.0.2.529
Microsoft Security Essentials      Worm:Win32/Vobfus.gen!S       1.237.1231.0

File size:
336 KB (344,064 bytes)

Product version:
1.00

Original file name:
xWJYiDdSqt.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\sony\zueenif.exe

File PE Metadata
Compilation timestamp:
10/8/2011 5:02:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x3B14

Entry point:
68, AC, 3B, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 82, 66, C2, 77, D1, 2B, 05, 4A, 8F, 05, 48, B0, D0, D9, 2D, B2, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 65, 67, 69, 6E, 20, 56, 66, 59, 42, 63, 64, 4E, 00, 20, 00, 00, 00, 00, 06, 00, 00, 00, 0C, 57, 40, 00, 07, 00, 00, 00, 08, 4F, 40, 00, 01, 00, 00, 00, 6C, 4A, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, C0, 4A, 40, 00, 08, E0, 44, 00, 01, 00, 00, 00, A8, 3B, 40, 00...

Entropy:
5.9055

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
308 KB (315,392 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
zueenif

Command:
C:\users\sony\zueenif.exe \y
