HUSTIN TX 2013 Inc..exe

Daniel Atallah

The file HUSTIN TX 2013 Inc..exe has been detected as malware by 33 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
HUSTIN TX 2013 Inc.  (signed by Daniel Atallah)

Product:
HUSTIN TX 2013 Inc.

Version:
7.08.0002

MD5:
e73e7e8261ed400b6df8efccf1152db5

SHA-1:
e3b89fbd60eebb3a3f8007d10f3b1b65cbfa2709

SHA-256:
c7419c0029efbbf8070df206d987c9daf8ea5f1992b6930aac29482a56ca8181

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
12/25/2024 4:48:01 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Symmi.56991
115

Agnitum Outpost
Trojan.Muref
7.1.1

AhnLab V3 Security
Trojan/Win32.Miuref
2015.11.26

Avira AntiVirus
TR/Dropper.VB.37231
8.3.2.4

Arcabit
Trojan.Symmi.DDE9F
1.0.0.624

avast!
Win32:Malware-gen
2014.9-161012

AVG
Atros2
2017.0.2593

Baidu Antivirus
Trojan.Win32.Muref
4.0.3.161012

Bitdefender
Gen:Variant.Symmi.56991
1.0.20.1430

Dr.Web
Trojan.Siggen6.23087
9.0.1.0286

Emsisoft Anti-Malware
Gen:Variant.Symmi.56991
8.16.10.12.09

ESET NOD32
Win32/Boaxxe.BR
10.12627

Fortinet FortiGate
W32/Injector.CLVS!tr
10/12/2016

F-Secure
Gen:Variant.Symmi.56991
11.2016-12-10_4

G Data
Gen:Variant.Symmi.56991
16.10.25

IKARUS anti.virus
Trojan.Win32.Boaxxe
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.212.17980

Kaspersky
Trojan.Win32.Muref
14.0.0.-542

Malwarebytes
Trojan.Crypt.VB
v2016.10.12.09

McAfee
GenericATG-FCDR!E73E7E8261ED
5600.6249

Microsoft Security Essentials
Trojan:Win32/Miuref.F
1.1.12300.0

MicroWorld eScan
Gen:Variant.Symmi.56991
17.0.0.858

NANO AntiVirus
Trojan.Win32.Muref.dyqovu
0.30.26.4751

Panda Antivirus
Trj/Genetic.gen
16.10.12.09

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1077

Quick Heal
TrojanPWS.Zbot.G3
10.16.14.00

Sophos
Troj/Miuref-AI
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Dropper
8842

Trend Micro
TROJ_GEN.USEK17BCN
10.465.12

Vba32 AntiVirus
Trojan.Muref
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
45440

ViRobot
Trojan.Win32.Z.Muref.145448.A[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Muref.Win32.146
2.0.0.2532

File size:
142 KB (145,448 bytes)

Product version:
7.08.0002

Original file name:
HUSTIN TX 2013 Inc..exe

Language:
Búlgaro (Bulgaria)

Common path:
C:\users\{user}\appdata\local\packages\windows_ie_ac_001\ac\temp\5fc3.tmp

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
9/11/2014 4:36:56 AM

Valid to:
9/11/2016 5:37:54 AM

Subject:
E=datallah@pidgin.im, CN=Daniel Atallah, L=Holland, S=Michigan, C=US

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
1015

File PE Metadata
Compilation timestamp:
1/21/2016 1:07:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:L3W7t4MbHKHGm3JZnq333339suS0buEIZE:67t4mHKj3JD0bua

Entry address:
0x1288

Entry point:
68, 38, 65, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, A6, 00, DD, 8E, 23, B7, EC, 42, 91, C0, 16, 27, 5C, 0E, 50, E1, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 31, 00, 00, 00, 00, 00, 4C, 65, 68, 72, 67, 61, 6E, 67, 73, 6B, 6F, 73, 74, 65, 6E, 35, 00, 08, 41, 00, 20, 08, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 06, D6, C3, F0, D3, E8, DC, D2, 41, 8D, 23, AB, 5B, E3, 35, AB, 07, AF, 17, 9A, E2, FD, 14, BC, 40, B1, 42, 1E, 4A, EA, 10, 82, 39, 3A, 4F, AD...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
116 KB (118,784 bytes)

Remove HUSTIN TX 2013 Inc..exe - Powered by Reason Core Security