oxisepk.exe

Maskiseft Visaal Studio 2010

Maskiseft Corporatien

The executable oxisepk.exe, “Maskiseft Visaal Studie 2010” has been detected as malware by 30 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. While running, it connects to the Internet address hosted.by.cirn.net on port 80 using the HTTP protocol.

Publisher:
Maskiseft Corporatien

Product:
Maskiseft® Visaal Studio® 2010

Description:
Maskiseft Visaal Studie 2010

Version:
1.9.43074.5121 built by: SP1Rel

MD5:
c2c5c801199ff3b5b7b719cecbc5bb53

SHA-1:
ba9494f9fcf8c05fc33251497f384b608f433547

SHA-256:
67d88cdf81d86b54638586079f9c578ae34516d8371d2067de0ae50c205ff059

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
11/25/2024 10:42:03 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Zbot.IKA
902

Agnitum Outpost
TrojanSpy.Zbot
7.1.1

AhnLab V3 Security
Trojan/Win32.Necurs
2014.08.13

Avira AntiVirus
TR/Crypt.XPACK.Gen
7.11.30.172

avast!
Win32:Malware-gen
140813-1

AVG
Trojan horse SHeur4.CAIK
2014.0.4007

Bitdefender
Trojan.Zbot.IKA
1.0.20.1145

Bkav FE
HW32.CDB
1.3.0.4959

Emsisoft Anti-Malware
Trojan.Zbot.IKA
9.0.0.4324

ESET NOD32
Win32/Spy.Zbot.ABA trojan
7.0.302.0

Fortinet FortiGate
W32/Kryptik.CHDI!tr
8/17/2014

F-Prot
W32/A-2f38dbbf
v6.4.7.1.166

F-Secure
Trojan.Zbot.IKA
11.2014-17-08_1

G Data
Trojan.Zbot.IKA
14.8.24

K7 AntiVirus
Trojan
13.183.13029

Kaspersky
Trojan-Spy.Win32.Zbot
15.0.0.494

Malwarebytes
Trojan.Zbot.gen
v2014.08.17.10

McAfee
PWSZbot-FABW!62A4BC8B89FC
5600.7036

Microsoft Security Essentials
Threat.Undefined
1.179.2954.0

MicroWorld eScan
Trojan.Zbot.IKA
15.0.0.687

NANO AntiVirus
Trojan.Win32.XPACK.ddtjne
0.28.2.61519

nProtect
Trojan.Zbot.IKA
14.08.14.01

Panda Antivirus
Trj/Genetic.gen
14.08.17.10

Qihoo 360 Security
Malware.QVM20.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.8.17.10

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.14815

Sophos
Troj/Agent-AIIM
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-FalComp
10416

Total Defense
Win32/Zbot.dWVDLSD
37.0.11124

VIPRE Antivirus
Threat.4789469
31208

File size:
298.5 KB (305,701 bytes)

Product version:
1.9.43074.5121

Copyright:
© Maskiseft Corporatien. All rights reserved.

Original file name:
divonv.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\ytnyci\oxisepk.exe

File PE Metadata
Compilation timestamp:
5/12/2012 11:05:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:+kytmLSgaSwGhn0f2rRDTHOKqgYGmIWvlRAuOxRwrCg8ealgymI:Yaae0CNTHONBIWvluuIRwrC3oI

Entry address:
0xC97C

Entry point:
55, 8B, EC, 81, EC, D4, 00, 00, 00, B8, DC, D0, 00, 00, 89, 45, F4, 53, 05, 00, 00, 21, 4D, B9, 36, 00, 00, 00, EB, 08, BA, 51, AB, 00, 00, 89, 55, 94, 56, 83, F2, E2, BA, 85, 0A, 00, 00, 6A, 70, 68, 00, 56, 7A, 25, 52, 6A, 31, E8, CF, 1F, 00, 00, 83, C4, 10, 57, 8B, 55, F4, 89, 55, F4, 89, 45, F4, 6A, 00, 6A, 00, 6A, 3E, 68, 78, CA, 42, 00, FF, 15, 40, 4E, 42, 00, 83, E8, 83, 3B, 05, 78, CA, 42, 00, 75, 50, 8B, 75, F4, 2B, F0, 68, 00, 69, B2, FF, 6A, D0, 50, 6A, 61, 50, E8, 91, 1F, 00, 00, 83, C4, 14, 50...

Entropy:
7.8339

Developed / compiled with:
Microsoft Visual C++

Code size:
139 KB (142,336 bytes)

Scheduled Task
Task name:
Security Center Update - 804272941

Trigger:
Daily (Runs daily at 10:00 AM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to vip0x017.map2.ssl.hwcdn.net  (209.197.3.23:80)

TCP (HTTP):
Connects to utsapi-adcom-mtc.evip.aol.com  (64.12.68.22:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to server-54-230-90-77.ind6.r.cloudfront.net  (54.230.90.77:80)

TCP (HTTP):
Connects to server-54-230-89-84.ind6.r.cloudfront.net  (54.230.89.84:80)

TCP (HTTP):
Connects to server-54-230-89-114.ind6.r.cloudfront.net  (54.230.89.114:80)

TCP (HTTP):
Connects to server-54-230-88-92.ind6.r.cloudfront.net  (54.230.88.92:80)

TCP (HTTP):
Connects to server-54-230-88-17.ind6.r.cloudfront.net  (54.230.88.17:80)

TCP (HTTP):
Connects to retarget.lc.dc.openx.org  (173.241.244.7:80)

TCP (HTTP):
Connects to presentation-atl1.turn.com  (50.116.194.21:80)

TCP (HTTP SSL):
Connects to pr-east.pbp.vip.bf1.yahoo.com  (98.139.225.168:443)

TCP (HTTP):
Connects to ord08s12-in-f27.1e100.net  (74.125.225.27:80)

TCP (HTTP):
Connects to ord08s12-in-f26.1e100.net  (74.125.225.26:80)

TCP (HTTP SSL):
Connects to ord08s12-in-f1.1e100.net  (74.125.225.1:443)

TCP (HTTP):
Connects to ord08s11-in-f28.1e100.net  (173.194.46.92:80)

TCP (HTTP):
Connects to ord08s11-in-f26.1e100.net  (173.194.46.90:80)

TCP (HTTP):
Connects to ord08s11-in-f25.1e100.net  (173.194.46.89:80)

TCP (HTTP SSL):
Connects to ord08s08-in-f2.1e100.net  (74.125.225.98:443)

TCP (HTTP SSL):
Connects to ord08s06-in-f27.1e100.net  (74.125.225.59:443)

TCP (HTTP):
Connects to ord08s06-in-f26.1e100.net  (74.125.225.58:80)
