cmyxw.exe

Direktumkehrverfahrens

Sophos Plc

The executable cmyxw.exe has been detected as malware by 28 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Sophos Plc  (signed and verified)

Product:
Direktumkehrverfahrens

Description:
Laufmaschenfeste

Version:
0.03.0006

MD5:
686eca14ed2da368b1574a43c0b3c2a4

SHA-1:
6364caa3005555b656048e6e17776d7aa4ddd519

SHA-256:
e478bf96186368fdc82d0ffbb365973ccb7571468c493ea9b1c0ee9dbb01dfe6

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
12/24/2024 4:46:13 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1958688
146

AhnLab V3 Security
Trojan/Win32.MDA
2014.11.13

Avira AntiVirus
TR/Dropper.VB.23178
7.11.184.246

avast!
Win32:Dropper-gen [Drp]
2014.9-160910

AVG
Inject2
2017.0.2624

Baidu Antivirus
Trojan.Win32.VBKryjetor
4.0.3.16910

Bitdefender
Trojan.GenericKD.1958688
1.0.20.1270

Emsisoft Anti-Malware
Trojan.GenericKD.1958688
8.16.09.10.02

ESET NOD32
Win32/Injector.BOVR (variant)
10.10714

Fortinet FortiGate
W32/VBKryjetor.VV!tr
9/10/2016

F-Secure
Trojan.GenericKD.1958688
11.2016-10-09_7

G Data
Trojan.GenericKD.1958688
16.9.24

IKARUS anti.virus
Trojan.Win32.Inject
t3scan.1.8.3.0

K7 AntiVirus
Trojan
13.185.13993

Kaspersky
Trojan.Win32.VBKryjetor
14.0.0.-383

Malwarebytes
Spyware.Zbot.ED
v2016.09.10.02

McAfee
Artemis!686ECA14ED2D
5600.6280

Microsoft Security Essentials
Trojan:Win32/Miuref.F
1.11104

MicroWorld eScan
Trojan.GenericKD.1958688
17.0.0.762

NANO AntiVirus
Trojan.Win32.VBKryjetor.diehyr
0.28.6.63362

Norman
Troj_Generic.XDBRW
11.20160910

Panda Antivirus
Trj/Chgt.K
16.09.10.02

Quick Heal
TrojanPWS.Zbot.S3
9.16.14.00

Sophos
Mal/Generic-S
4.98

Total Defense
Win32/Tnega.TaLeBN
37.0.11276

Trend Micro House Call
TROJ_GEN.R047C0DKB14
7.2.254

Vba32 AntiVirus
TScope.Trojan.VB
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
34744

File size:
135.1 KB (138,296 bytes)

Product version:
0.03.0006

Copyright:
Papierkonzern

Trademarks:
Partnermagazins

Original file name:
Potz.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\ebmtion\cmyxw.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/25/2006 1:00:00 AM

Valid to:
4/1/2009 1:59:59 AM

Subject:
CN=Sophos Plc, OU=Q4, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sophos Plc, L=Abingdon, S=Oxfordshire, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6F20F96294006E1A8322B8D299D7D964

File PE Metadata
Compilation timestamp:
11/30/2014 4:57:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:YesXahcWazTEnnaeOka4OSl00pv7a2R3JPNwLd9D:qXgcG+g9Za2R9cd1

Entry address:
0x129C

Entry point:
68, 10, 89, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 38, DA, 30, 9B, 6F, 06, FA, 44, B1, 07, 63, EE, 49, 9B, E7, 92, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 73, 74, 0D, 0A, 43, 61, 4C, 61, 6E, 67, 77, 65, 69, 6C, 74, 65, 35, 00, 20, 20, 20, 20, 00, 00, 00, 00, FF, CC, 31, 00, 07, B2, EC, 41, 55, D1, 1C, 80, 4D, 89, 34, 0E, 52, 31, E4, AA, 04, 28, 45, FD, 03, 25, FA, 8D, 44, 83, 2D, 26, EC, 99, CB, 5B, 12, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
120 KB (122,880 bytes)

Remove cmyxw.exe - Powered by Reason Core Security