happy_holiday_video_mpg.exe

The application happy_holiday_video_mpg.exe has been detected as a potentially unwanted program by 32 anti-malware scanners. It is a setup program used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from www.4shared.com.
MD5:
aaffca6f5a145dfd8cfe6c4b8acc26a6

SHA-1:
078df5254a2b3d6a1450f0ef12bc78337d9f5592

SHA-256:
729f58f7aaa4aa2d9e1ea91289698d766f8a21b29da11dd4cb024308f14156eb

Scanner detections:
32 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:27:38 PM UTC

Scan engine                   | Detection                          | Engine version
Lavasoft Ad-Aware             | Trojan.GenericKD.2032901           | 177
Agnitum Outpost               | Trojan.DR.Injector                 | 7.1.1
AhnLab V3 Security            | Trojan/Win32.MDA                   | 2014.12.29
Avira AntiVirus               | TR/Crypt.Xpack.117296              | 7.11.198.114
avast!                        | Win32:LockScreen-AIN [Trj]         | 2014.9-160810
AVG                           | Inject2                            | 2017.0.2655
Baidu Antivirus               | Trojan.Win32.Zbot                  | 4.0.3.16810
Bitdefender                   | Trojan.GenericKD.2032901           | 1.0.20.1115
Bkav FE                       | W32.ATVC_BustisocLTA.Trojan        | 1.3.0.6267
Dr.Web                        | Trojan.PWS.Panda.7708              | 9.0.1.0223
Emsisoft Anti-Malware         | Trojan.GenericKD.2032901           | 8.16.08.10.01
ESET NOD32                    | Win32/Injector.BRMP (variant)      | 10.10937
Fortinet FortiGate            | W32/Injector.LAWM!tr               | 8/10/2016
F-Secure                      | Trojan.GenericKD.2032901           | 11.2016-10-08_4
G Data                        | Trojan.GenericKD.2032901           | 16.8.24
IKARUS anti.virus             | Trojan-Ransom.Win32.PornoAsset     | t3scan.1.8.5.0
K7 AntiVirus                  | Unwanted-Program                   | 13.188.14468
Kaspersky                     | Trojan-Spy.Win32.Zbot              | 14.0.0.-228
Malwarebytes                  | Trojan.GIFFU.ED                    | v2016.08.10.01
McAfee                        | Generic-FAVX!AAFFCA6F5A14          | 5600.6311
Microsoft Security Essentials | VirTool:Win32/CeeInject.gen!KK     | 1.11302
MicroWorld eScan              | Trojan.GenericKD.2032901           | 17.0.0.669
NANO AntiVirus                | Trojan.Win32.Gimemo.dknxcq         | 0.30.0.64448
Norman                        | ZBot.VMZV                          | 11.20160810
nProtect                      | Trojan.GenericKD.2032901           | 14.12.26.01
Panda Antivirus               | Trj/CI.A                           | 16.08.10.01
Qihoo 360 Security            | HEUR/QVM07.1.Malware.Gen           | 1.0.0.1015
Sophos                        | Mal/Generic-S                      | 4.98
Total Defense                 | Win32/CInject.GXSOcPB              | 37.0.11355
Trend Micro House Call        | TROJ_GEN.F0C2C00LP14               | 7.2.223
Trend Micro                   | TROJ_GEN.F0C2C00LP14               | 10.465.10
VIPRE Antivirus               | Trojan.Win32.Generic               | 36182

File size:
219.1 KB (224,352 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\happy_holiday_video_mpg.exe

File PE Metadata
Compilation timestamp:
12/16/2014 8:59:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:3RlxhIPTfCCFVtIlcgPtR/J4xXNNTIrCZqFZC9BY:3DxJCjtIKgalRAT

Entry address:
0x275C

Entry point:
55, 8B, EC, 6A, FF, 68, D8, 3E, 40, 00, 68, 24, 2B, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, E0, 33, 40, 00, 59, 83, 0D, A8, 51, 40, 00, FF, 83, 0D, AC, 51, 40, 00, FF, FF, 15, DC, 33, 40, 00, 8B, 0D, 9C, 51, 40, 00, 89, 08, FF, 15, D8, 33, 40, 00, 8B, 0D, 98, 51, 40, 00, 89, 08, A1, 18, 34, 40, 00, 8B, 00, A3, A4, 51, 40, 00, E8, 46, 03, 00, 00, 39, 1D, A0, 50, 40, 00, 75, 0C, 68, 0E, 2B, 40, 00, FF, 15, F8, 33...

Entropy:
7.7273

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
8 KB (8,192 bytes)

The file happy_holiday_video_mpg.exe has been seen being distributed by the following URL.
