cute_kitty_cat_img_001.jpg.exe

The executable cute_kitty_cat_img_001.jpg.exe has been detected as malware by 2 anti-virus scanners. This is a setup program which is used to install the application. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from www.jakeshotel.com and multiple other hosts.
MD5:
ca27ced2514f0a6b78443b25619196ae

SHA-1:
3761fdb1fba6077159e166a45e72b02dd1c84a86

SHA-256:
f98c0c2a429ff450ce2da04b432365130cac9b9eb8bcf25bc5257cfbee93d233

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
11/27/2024 1:05:35 PM UTC  (today)

Scan engine
Detection
Engine version

Malwarebytes
Spyware.Zbot.ED
v2014.05.15.07

Reason Heuristics
Threat.Win.Reputation.IMP
16.11.30.1

File size:
188 KB (192,512 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
5/9/2014 4:12:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:xwbEUR7ongnwcBhBO0R6Q3VY+wNdr2zYbxF1giQgMd9pGYwaq/ga:xwb97oYbByQ3VY+wNdr2zGQiQgMd5na

Entry address:
0x524D

Entry point:
54, 8B, EC, 83, EC, 10, A1, B8, 82, 40, 00, 33, C5, 89, 45, FC, 53, 56, 8B, 75, 0C, 90, 90, 90, 90, 57, 0F, 85, 8F, 01, 00, 00, 56, E8, F3, C2, FF, FF, 83, F8, FF, 59, BF, 90, 4A, 42, 00, 74, 2E, 56, E8, 9C, FF, FF, FF, 83, F8, FE, 59, 74, 22, 56, E8, 90, FF, FF, FF, C1, F8, 05, 56, 8D, 1C, 85, 40, 86, 42, 00, E8, 80, FF, FF, FF, 83, E0, 1F, 59, C1, E0, 06, 03, 03, 59, EB, 02, 8B, C7, 8A, 40, 24, 24, 7F, 3C, 02, 0F, 84, 41, 01, 00, 00, 56, E8, 5F, FF, FF, FF, 83, F8, FF, 59, 74, 2E, 56, E8, 53, FF, FF, FF...
 
[+]

Code size:
20 KB (20,480 bytes)

The file cute_kitty_cat_img_001.jpg.exe has been seen being distributed by the following 2 URLs.

http://www.jakeshotel.com/?ng2ht89vi=c3b50313f0b6facf

Remove cute_kitty_cat_img_001.jpg.exe - Powered by Reason Core Security