my_cute_pet_monkey-img0012.jpg.exe

The executable my_cute_pet_monkey-img0012.jpg.exe has been detected as malware by 38 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from www.disaronno.com.
MD5:
fa5699421c65d27663e336f42310676b

SHA-1:
f811ce52318d03723ed15053c45ab602655cf0a2

SHA-256:
003f8cb3223086c2d58f26545f755f8982aa2fc32d86f381246f730df7c72a64

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
11/23/2024 7:42:29 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKDZ.25054
349

Agnitum Outpost
Trojan.Sharik
7.1.1

AhnLab V3 Security
Trojan/Win32.Ransomlock
2015.10.27

Avira AntiVirus
TR/Inject.owlpanmw
8.3.2.2

Arcabit
Trojan.Generic.D61DE
1.0.0.585

avast!
Win32:Napolar-BB [Trj]
2014.9-160221

AVG
SHeur4
2017.0.2827

Baidu Antivirus
Trojan.Win32.Injector
4.0.3.16221

Bitdefender
Trojan.GenericKDZ.25054
1.0.20.260

Comodo Security
TrojWare.Win32.Injector.OWLP
23480

Dr.Web
BackDoor.Tishop.122
9.0.1.052

Emsisoft Anti-Malware
Trojan.GenericKDZ.25054
8.16.02.21.10

ESET NOD32
Win32/Injector.BCLY (variant)
10.12468

Fortinet FortiGate
W32/Injector.BCKP!tr
2/21/2016

F-Prot
W32/S-9eda3028
v6.4.7.1.166

F-Secure
Trojan.GenericKDZ.25054
11.2016-21-02_1

G Data
Trojan.GenericKDZ.25054
16.2.25

IKARUS anti.virus
Trojan-Spy.Zbot
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.212.17655

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.628

Malwarebytes
Spyware.Zbot.ED
v2016.02.21.10

McAfee
Generic-FAUT!FA5699421C65
5600.6483

Microsoft Security Essentials
Trojan:Win32/Bagsu!rfn
1.1.12205.0

MicroWorld eScan
Trojan.GenericKDZ.25054
17.0.0.156

NANO AntiVirus
Trojan.Win32.Zbot.cwzmxj
0.30.26.3947

nProtect
Trojan.GenericKDZ.25054
15.10.26.01

Panda Antivirus
Trj/Genetic.gen
16.02.21.10

Qihoo 360 Security
HEUR/Malware.QVM19.Gen
1.0.0.1015

Quick Heal
TrojanPWS.Zbot.AP4
2.16.14.00

Reason Heuristics
Malware.Ramnit
16.11.11.23

Sophos
Troj/Zbot-IEL
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Ursnif
9310

Total Defense
Win32/CInject.aAcBXQ
37.1.62.1

Trend Micro House Call
TROJ_MALKRYP.SM1
7.2.52

Trend Micro
TROJ_MALKRYP.SM1
10.465.21

Vba32 AntiVirus
Trojan.Sharik
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
44838

ViRobot
Trojan.Win32.Inject.114688.K[h]
2014.3.20.0

File size:
84 KB (86,016 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\my_cute_pet_monkey-img0012.jpg.exe

File PE Metadata
Compilation timestamp:
4/23/2014 9:34:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
1536:h24vugZzrRaHhK4G5niBGlMtO+6RDUp5tY1AI3wuuGmxRdmbB/loAbqk:h2XBHM9niBAMYvZU1Y1AIArxOmXk

Entry address:
0x1D0C

Entry point:
55, 8B, EC, 6A, FF, E9, E4, 1B, 00, 00, 68, 46, 35, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, E8, F0, 18, 00, 00, 8B, CF, 83, 0D, 58, 64, 40, 00, FF, 83, 0D, 5C, 64, 40, 00, FF, E8, A5, 03, 00, 00, 90, 8B, 0D, 4C, 64, 40, 00, 89, 08, E8, 17, 08, 00, 00, 90, 8B, 0D, 48, 64, 40, 00, 89, 08, A1, 58, 42, 40, 00, 8B, 00, A3, 54, 64, 40, 00, E8, C6, 09, 00, 00, 39, 1D, E0, 60, 40, 00, 75, 0C, 68, 26, 11, 40, 00, 90, 90...
 
[+]

Entropy:
6.9265

Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)

The file my_cute_pet_monkey-img0012.jpg.exe has been seen being distributed by the following URL.

Remove my_cute_pet_monkey-img0012.jpg.exe - Powered by Reason Core Security