home

{4bfa3d62-bb06-3bfd-f277-ebea4bfa3d62}.exe

The executable {4bfa3d62-bb06-3bfd-f277-ebea4bfa3d62}.exe has been detected as malware by 32 anti-virus scanners. This is a setup program which is used to install the application. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from www.disaronno.com and multiple other hosts.
MD5:
3dc7253af970e09e70ec9d46301c95d8

SHA-1:
2a23936fecd182d8727d48771510dbe93b4f581a

SHA-256:
fb67966397761bda650e0d6819fdc6ae1f3a933d869c26617c5c62c617330bd2

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
2/25/2025 1:44:35 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1685723
953

Agnitum Outpost
Backdoor.Napolar
7.1.1

AhnLab V3 Security
Trojan/Win32.Zbot
2014.06.20

Avira AntiVirus
TR/Crypt.ZPACK.81465
7.11.155.208

avast!
Win32:Rootkit-gen [Rtk]
2014.9-140627

AVG
SHeur4
2015.0.3431

Baidu Antivirus
Trojan.Win32.Injector
4.0.3.14627

Bitdefender
Trojan.GenericKD.1685723
1.0.20.890

Bkav FE
W32.SertesdoLTL.Trojan
1.3.0.4959

Comodo Security
UnclassifiedMalware
18604

Dr.Web
Trojan.Inject1.27909
9.0.1.0178

Emsisoft Anti-Malware
Trojan.GenericKD.1685723
8.14.06.27.07

ESET NOD32
Win32/Napolar
8.9972

Fortinet FortiGate
W32/Napolar.ABF!tr.bdr
6/27/2014

F-Secure
Trojan.GenericKD.1685723
11.2014-27-06_6

G Data
Trojan.GenericKD.1685723
14.6.24

IKARUS anti.virus
Virus.Win32.CeeInject
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.180.12463

Kaspersky
Backdoor.Win32.Napolar
14.0.0.3648

Malwarebytes
Spyware.Zbot.ED
v2014.06.27.07

McAfee
RDN/Spybot.bfr!l
5600.7087

Microsoft Security Essentials
Trojan:Win32/CeeInject
1.10701

MicroWorld eScan
Trojan.GenericKD.1685723
15.0.0.534

NANO AntiVirus
Trojan.Win32.Sharik.cyydrv
0.28.0.60253

Norman
Troj_Generic.TZWRZ
11.20140627

nProtect
Trojan.GenericKD.1685723
14.06.19.01

Panda Antivirus
Trj/Genetic.gen
14.06.27.07

Qihoo 360 Security
HEUR/Malware.QVM20.Gen
1.0.0.1015

Trend Micro House Call
TROJ_INJECTOR.ZA
7.2.178

Trend Micro
TROJ_INJECTOR.ZA
10.465.27

Vba32 AntiVirus
Backdoor.Napolar
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
30472

File size:
192 KB (196,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\{4bfa3d62-bb06-3bfd-f277-ebea4bfa3d62}.exe

File PE Metadata
Compilation timestamp:
4/30/2014 7:05:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:BMxnl0Eb1/TyHWKjp/gOaALWrYQ42ewcr34Ca1kmP9DkW/yCmvWwn2D:BKnuEJ/Ajp/yo2ehr4H1ZPtJiWw6

Entry address:
0x579B

Entry point:
55, 8B, EC, 6A, FF, 68, A0, A2, 40, 00, 68, A8, 72, 40, 00, 58, 5B, 33, C3, 5B, 03, C3, 03, C3, 03, C3, 03, C3, 03, C3, 3B, C1, 40, 75, 0C, B8, 00, 00, 00, 00, 33, C0, 40, 83, C0, 02, 40, E8, D0, EC, FF, FF, 5E, 59, 5D, C3, 55, 8B, EC, 51, 51, 85, C0, 8B, 4D, 08, 53, 8B, 5F, 0C, 56, 8B, 31, 7F, 0A, 8B, CF, E8, 5D, 49, FF, FF, 89, 45, FC, 8A, 0E, 80, F9, 44, 75, 12, 50, FF, 76, 0C, 57, E8, 30, 37, FF, FF, 83, C4, 0C, 89, 45, FC, EB, 19, 80, F9, 41, 75, 14, 6A, 00, 50, 89, 45, FC, 6A, 00, 6A, 71, 8B, C3, E8...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
28 KB (28,672 bytes)

User Start Menu Item
Name:
{4bfa3d62-bb06-3bfd-f277-ebea4bfa3d62}.exe


The file {4bfa3d62-bb06-3bfd-f277-ebea4bfa3d62}.exe has been seen being distributed by the following 2 URLs.

http://www.disaronno.com/?y9czwpsczvqx7r=e9d7b0d0

http://www.disaronno.com/?6e7pdmgrnwgwh=40cc95455ab

Remove {4bfa3d62-bb06-3bfd-f277-ebea4bfa3d62}.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.