PCDialer.EXE

SoftPhone 1.0

Reve Systems Ltd.

The executable PCDialer.EXE has been detected as malware by 11 anti-virus scanners. This is a setup program which is used to install the application. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from madeenacall9.net.
Publisher:
Reve Systems Ltd.

Product:
SoftPhone 1.0

Description:
PCDialer

Version:
1, 0, 1, 0

MD5:
0a169b0d9e0afd97684056960935a74f

SHA-1:
5c04ec9c126f712429d82862bb57ddba76fcb96c

SHA-256:
aad04e1a0e50a90ac80f6dd58f0b15e25ed524cf2edef1566f1ad18796519479

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/27/2024 8:53:48 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:RmnDrp
160215-2

AVG
Win32/Zbot.F
2015.0.4530

Dr.Web
Win32.Rmnet.12
9.0.1.05190

Emsisoft Anti-Malware
Win32.Ramnit.N
10.0.0.5735

ESET NOD32
Win32/Ramnit.H virus
8.0.319.0

F-Prot
W32/Ramnit.E
4.6.5.141

F-Secure
Win32.Ramnit.N
5.15.21

Kaspersky
Virus.Win32.Nimnul
15.0.0.562

McAfee
Virus.W32/Ramnit.a
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.7429.0

Norman
Win32.Ramnit.N
29.02.2016 05:46:54

File size:
643.4 KB (658,824 bytes)

Product version:
1, 0, 1, 0

Copyright:
Reve Systems Ltd. (C) 2013

Original file name:
PCDialer.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pcdialer.exe

File PE Metadata
Compilation timestamp:
4/17/2013 11:33:47 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:N54xkWR/Zb+EEVE9iK931n3jLy5hI4pE5pVpzKOpuOMAjMFwApLmlh8VWj9:N5OkWdoEAC3g5hI4pCpOOpXRjMFB8lNJ

Entry address:
0x809000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, A8, A6, 01, 20, 2B, 85, 0F, AE, 01, 20, 89, 85, 0B, AE, 01, 20, B0, 00, 86, 85, 40, B0, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 3B, AF, 01, 20, 00, 74, 33, 83, BD, 3F, AF, 01, 20, 00, 74, 2A, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3B, AF, 01, 20, 8B, 00, 89, 85, 78, AF, 01, 20, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3F, AF, 01, 20, 8B, 00, 89, 85, 7C, AF, 01, 20, EB, 61, 83, BD, 43, AF, 01, 20, 00, 74, 58, 8B, 85, 0B, AE, 01, 20, 2B, 85, 43, AF, 01, 20, FF, 30, 8D, 85...
 
[+]

Entropy:
7.8561

Packer / compiler:
ASPack v1.08.04

Code size:
484 KB (495,616 bytes)

The file PCDialer.EXE has been seen being distributed by the following URL.

Remove PCDialer.EXE - Powered by Reason Core Security