loader.exe

The application loader.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. It is a setup program used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from docs.google.com and multiple other hosts.
MD5:
c5c9d23958596a941c5044b2b5919963

SHA-1:
01f0cdc11ee95da07bf2b2c2734d146486891a8f

SHA-256:
4692e3d5d67f374ad1418d3044178d704bf8acec376c4c9e48b351807cbd6246

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:22:52 PM UTC

Scan engine        Detection                                                     Engine version
avast!             Win32:PUP-gen [PUP]                                           141214-1
Bkav FE            W32.Clod1fc.Trojan                                            1.3.0.4613
ESET NOD32         MSIL/HackTool.WinActivator.A potentially unsafe application   6.3.12010.0
Rising Antivirus   PE:Trojan.Win32.VBInject.ati!1075329402                       23.00.65.14109
ViRobot            Trojan.Win32.A.Zbot.3541702                                   2011.4.7.4223

File size:
3.4 MB (3,541,702 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\loader.exe

File PE Metadata
Compilation timestamp:
9/20/2007 2:34:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
98304:e/w8hJ8dYXhKDKZv4ajwhIgJWxMq/q2uk7fWCrz33T:yDhnIDNajwhTJWxMq/q2F+QLD

Entry address:
0x51480

Entry point:
60, BE, 00, 60, 44, 00, 8D, BE, 00, B0, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
48 KB (49,152 bytes)

The file loader.exe has been observed being distributed from the following 17 URLs.

https://docs.google.com/uc?authuser=0&id=0B-miWMB52I2gZi1adTBjclg1QTQ&export=download

https://fs10n4.sendspace.com/dl/557a8e8050efc753ea337e069e2319ab/585e546111347ce1/.../Loader.exe

https://fs10n5.sendspace.com/dl/c6ced845cf14b5df5f890362adf7f21a/56da0e127c9c3c98/.../Loader.exe

https://cdn.discordapp.com/attachments/156970097607442432/.../Windows_7_ULTIMATE_activator_by_Lord_Tidus.exe

https://fs10n2.sendspace.com/dl/c12cc11f3bf97bc9095b049e8cac5690/57f696e55e809d53/.../Loader.exe

https://fs10n1.sendspace.com/dl/161f0f12b885b3a08c2b71990038140b/580a81751145f3df/.../Loader.exe

https://onedrive.live.com/download.aspx?cid=A19EF7306CC9C83C&resid=A19EF7306CC9C83C!807&canary=M1s rIANVntkDKgj6llLTtD/.../wv0Ws=7&ithint=.exe

https://docs.google.com/uc?authuser=0&id=0B3kd565GXHcSR18zRDlwVVhSeGM&export=download

https://fs10n1.sendspace.com/dl/81028ccb800cfdabffda0f575439a04d/5776d88f757ed363/.../Loader.exe

ftp://10.0.0.199/USER/Desktop/Trabalhos/Cracks for x64 x86/ALL WORKING ACTIVATORS/.../Loader.exe
