home

desktop.exe

The executable desktop.exe has been detected as malware by 10 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from www.gemtree.com.
MD5:
ffc41bd361cfd179bc66b19dfc295a2a

SHA-1:
a4be32b1ccc1b763b237e288871fbba388e07260

SHA-256:
906c163d1d1226cffdc60a6df86dd9e1dd4a79b0e749f3bd225503f045ac936a

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
2/25/2025 6:04:58 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Ramnit-CC [Trj]
160503-1

AVG
Win32/Zbot.G
2015.0.4568

Emsisoft Anti-Malware
Gen:Variant.Kazy.617935
16.06.11

F-Prot
W32/Ramnit.B!Generic
4.6.5.141

F-Secure
Variant.Kazy.617935
5.15.96

McAfee
Virus.W32/Ramnit.a
18.0.204.0

Norman
Gen:Variant.Kazy.617935
28.05.2016 15:32:18

File size:
1.4 MB (1,483,161 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\desktop.exe

File PE Metadata
Compilation timestamp:
11/25/2002 8:06:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:pCsCPKKXv/bGQGE3FUTf32suLg4Dt5MXdUT6GX:JCPXf6QGE1UT/34Dt5Mo6+

Entry address:
0x140000

Entropy:
6.9779

Code size:
200 KB (204,800 bytes)

The file desktop.exe has been seen being distributed by the following URL.

http://www.gemtree.com/.../desktop.exe

Remove desktop.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.