1005443056.cryptedserver.exe

The executable 1005443056.cryptedserver.exe has been detected as malware by 34 anti-virus scanners. It is a setup program used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from directxex.com.
Publisher:
Any-Video-Converter.com

Product:
udibl

Description:
Trochisc alchi

Version:
1.33.0019

MD5:
a13ae3745a24c8b712ef684b220e921e

SHA-1:
22284d0f6c4cf8e6e6aa8972d647571e1ab82ef0

SHA-256:
8f80bd8c55781cc9b7c6c3fead8fccd9d2807c6be4d7d60a4063cd8aa28b806c

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
2/25/2025 11:32:19 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1582331
1055

Agnitum Outpost
Backdoor.Androm
7.1.1

AhnLab V3 Security
Spyware/Win32.Zbot
14.03.16

Avira AntiVirus
TR/Dropper.VB.11906
7.11.137.98

avast!
Win32:Malware-gen
2014.9-140316

AVG
BackDoor.Generic18
2015.0.3533

Baidu Antivirus
Backdoor.Win32.Androm
4.0.3.14316

Bitdefender
Trojan.GenericKD.1582331
1.0.20.375

Bkav FE
HW32.CDB
1.3.0.4959

Comodo Security
UnclassifiedMalware
17939

Dr.Web
BackDoor.Andromeda.267
9.0.1.075

Emsisoft Anti-Malware
Trojan.GenericKD.1582331
8.14.03.16.04

ESET NOD32
Win32/TrojanDropper.VB.OJG
8.9548

Fortinet FortiGate
W32/Boaxxe.BVB!tr
3/16/2014

F-Secure
Trojan.GenericKD.1582331
11.2014-16-03_1

G Data
Trojan.GenericKD.1582331
14.3.24

IKARUS anti.virus
Backdoor.Win32.Androm
t3scan.2.2.29

K7 AntiVirus
Trojan
13.176.11451

Kaspersky
Backdoor.Win32.Androm
14.0.0.4162

Malwarebytes
Backdoor.Bot
v2014.03.16.04

McAfee
Artemis!A13AE3745A24
5600.7189

Microsoft Security Essentials
Worm:Win32/Gamarue
1.10302

MicroWorld eScan
Trojan.GenericKD.1582331
15.0.0.225

Norman
Suspicious_Gen4.FVRIL
11.20140316

nProtect
Trojan.GenericKD.1582331
14.03.15.01

Panda Antivirus
Generic Malware
14.03.16.04

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
23.00.65.14314

Sophos
Mal/Zbot-PJ
4.98

Total Defense
Win32/Gamarue.cHIEAVD
37.0.10821

Trend Micro House Call
TROJ_GEN.R0CBC0RBQ14
7.2.75

Trend Micro
TROJ_GEN.R0CBC0RBQ14
10.465.16

Vba32 AntiVirus
Backdoor.Androm.buzq
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Zbot.pj
27434

XVirus List
Win.Detected
2.3.31

File size:
292 KB (299,008 bytes)

Product version:
1.33.0019

Copyright:
Unwhitew interaci filicin 2009

Original file name:
Baldakin.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\1005443056.cryptedserver.exe

File PE Metadata
Compilation timestamp:
2/23/2014 9:24:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:49JOLHQ1jx0EyoG4SNoTDPEysXcC9sBki9oGqJoW9I7PLdaTvOV0+JONQ+XOL6/Q:4Qw1jccAp9YX9oGq19IfnVtONQ+Xeyi

Entry address:
0x1368

Entry point:
68, EC, 14, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, CD, F0, 79, 17, EA, 00, 31, 46, A3, 03, EE, D8, 4F, 1B, 5F, 80, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 41, 00, F0, 07, 41, 00, 62, 65, 6C, 61, 72, 64, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, 90, DC, AC, A3, 9F, 67, 3B, 48, 99, BF, 77, 70, 73, D4, 8A, CB, D6, A9, EC, E1, 76, 9B, F0, 4B, 82, 3E, 3B, 1F, 37, 57, 33, A8, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Entropy:
7.6735

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
280 KB (286,720 bytes)

The file 1005443056.cryptedserver.exe has been seen being distributed by the following URL.
