install.exe

The application install.exe has been detected as a potentially unwanted program by 38 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from gmyeizw.myvnc.com.
MD5:
221f4094f48df7b694c3264fb10c6252

SHA-1:
99e755cf28d8c9a9bc828a640cb4a4bdb364c47c

SHA-256:
b153d4c0c0485039f77e981e6259da6f0b277514501482da8e724d4b9cda336a

Scanner detections:
38 / 68

Status:
Potentially unwanted

Analysis date:
1/14/2025 11:34:00 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.VIZ.Gen.1 | 361
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Trojan/Win32.FakeAV | 2015.05.22
Avira AntiVirus | TR/Winwebsec.EB.7 | 8.3.1.6
avast! | Win32:FakeAV-FGS [Trj] | 2014.9-160208
AVG | FakeAV_s | 2017.0.2839
Baidu Antivirus | Adware.Win32.FakeAV | 4.0.3.1628
Bitdefender | Trojan.VIZ.Gen.1 | 1.0.20.195
Bkav FE | W32.FakeAVisD.Adware | 1.3.0.6379
Comodo Security | TrojWare.Win32.Kryptik.BLUM | 22207
Dr.Web | Trojan.FakeAV.16083 | 9.0.1.039
Emsisoft Anti-Malware | Trojan.VIZ.Gen | 8.16.02.08.09
ESET NOD32 | Win32/AdWare.FakeAV | 10.11667
Fortinet FortiGate | W32/Kelihos.BQGD!tr | 2/8/2016
F-Secure | Trojan.VIZ.Gen.1 | 11.2016-08-02_2
G Data | Trojan.VIZ.Gen | 16.2.25
IKARUS anti.virus | Trojan.Win32.FakeAV | t3scan.1.8.9.0
K7 AntiVirus | Trojan | 13.204.15994
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.691
Malwarebytes | Malware.Packer.FFS | v2016.02.08.09
McAfee | Generic-FANU!221F4094F48D | 5600.6495
Microsoft Security Essentials | Trojan:Win32/Bulta!rfn | 1.1.11701.0
MicroWorld eScan | Trojan.VIZ.Gen.1 | 17.0.0.117
NANO AntiVirus | Trojan.Win32.FakeAV.csamtj | 0.30.24.1636
Norman | Kryptik.CCFN | 11.20160208
nProtect | Trojan.VIZ.Gen.1 | 15.05.22.01
Panda Antivirus | Trj/Genetic.gen | 16.02.08.09
Qihoo 360 Security | HEUR/Malware.QVM19.Gen | 1.0.0.1015
Quick Heal | TrojanPWS.Zbot.Gen | 2.16.14.00
Rising Antivirus | PE:Malware.AntiWare!1.9D9B | 23.00.65.16206
Sophos | Mal/FakeAV-UF | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Winwebsec | 9335
Total Defense | Win32/Winwebsec.fLJAHQ | 37.1.62.1
Trend Micro House Call | BKDR_KELIHOS.SMF | 7.2.39
Trend Micro | BKDR_KELIHOS.SMF | 10.465.08
Vba32 AntiVirus | Heur.Trojan.Hlux | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Kryptik.mwe | 40456
Zillya! Antivirus | Trojan.SmartFortress2012.Win32.16849 | 2.0.0.2187

File size:
519.5 KB (531,984 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\install.exe

File PE Metadata
Compilation timestamp:
10/1/2013 1:23:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:yMadZY1uVz5QLV1XiPsw06iEE6uWbj0C4zmMpay:yMaQsReuu6RE63b2N0y

Entry address:
0x4246

Entry point:
8D, 0C, 24, 66, 81, E9, 00, FF, 0F, 82, 58, 00, 00, 00, 68, B0, AF, BF, FF, 5A, F7, DA, B8, B1, 52, 40, 00, 8B, CA, 40, 8B, 31, 50, E8, 43, 00, 00, 00, B9, FF, EF, FE, FF, 1B, F0, F7, D1, 1B, F1, 72, 33, 8B, C8, 83, C0, 3C, 8A, 08, BA, 00, 10, 00, 00, 90, BE, B1, 52, 40, 00, 8D, 81, A4, 00, 00, 00, 39, 10, 76, 17, B9, 4E, 21, 77, 19, 46, 0F, C9, 81, C1, 48, 99, 1E, B2, FF, E1, B8, 80, 00, 00, 00, 5C, 4A, 8B, C1, C3, A1, 0C, 50, 40, 00, FF, E0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9419  (probably packed)

Code size:
16 KB (16,384 bytes)

The file install.exe has been seen being distributed by the following URL.

Remove install.exe - Powered by Reason Core Security