drpsu11.torrent[eng].exe

Torrent2Exe

http://www.torrent2exe.com

The executable drpsu11.torrent[eng].exe has been detected as malware by 5 anti-virus scanners. This is a setup program which is used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from ec.ccm2.net and multiple other hosts.
Publisher:
http://www.torrent2exe.com

Product:
Torrent2Exe

Version:
2.0.109.0

MD5:
941a808a71fc74df8e1d62d000ebf72e

SHA-1:
ba06b3de525b042fcbdc72df66da8f41e2f360e0

SHA-256:
88eadfa0801f75c756b673a1becacb7656a3a9d981cf1a1316b9c1957be17579

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
12/30/2024 8:26:36 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | HW32.Laneul | 1.3.0.4959 |
| Dr.Web | Trojan.MulDrop4.21621 | 9.0.1.0110 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Reputation | 10653 |
| Trend Micro House Call | HV_ZYX_BK0829B6.TOMC | 7.2.110 |
| ViRobot | Trojan.Win32.A.Zbot.1620927 | 2011.4.7.4223 |

File size:
1.5 MB (1,620,927 bytes)

Product version:
2.0.109.0

Copyright:
© 2008 Torrent2Exe.com

Original file name:
Strapper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\drpsu11.torrent[eng].exe

File PE Metadata
Compilation timestamp:
9/23/2009 12:06:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:N0PwSC4MUmQ3H5LDWtOqOisI4sgeLrlG2vfqA525SE:wLp3ZLitHOi0Kn/525SE

Entry address:
0x2CF3

Entry point:
55, 8B, EC, 51, 51, 8D, 45, F8, 50, C7, 45, F8, 08, 00, 00, 00, C7, 45, FC, 20, 00, 00, 00, FF, 15, 10, 10, 40, 00, E8, 83, FF, FF, FF, 50, FF, 15, 80, 10, 40, 00, CC, CC, CC, CC, A8, 2E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C6, 2E, 00, 00, FC, 10, 00, 00, BC, 2D, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, EA, 2E, 00, 00, 10, 10, 00, 00, C4, 2D, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 22, 31, 00, 00, 18, 10, 00, 00, 54, 2E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8A, 32, 00, 00, A8, 10, 00, 00, AC, 2D, 00...
Entropy:
7.9662

Developed / compiled with:
Microsoft Visual C++

Code size:
9 KB (9,216 bytes)

The file drpsu11.torrent[eng].exe has been seen being distributed by the following 2 URLs.

http://ec.ccm2.net/www.commentcamarche.net/download/.../DRPSu11.torrent[eng]_11.exe