priv10-.exe

The executable priv10-.exe has been detected as malware by 23 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from allforbikers.com.
Version:
3, 3, 8, 1

MD5:
f61314009d4131614e5ee94d10621796

SHA-1:
2651b7d6fd8d8b31d1da5a03bb0eee2020d03d0f

SHA-256:
4a5ce9d9a984963ccd63fe24d19263f7e961ff29f7277aede8f2b6c13c78245f

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
12/25/2024 7:16:56 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Trojan/Win32.Llac
2013.09.14

Avira AntiVirus
TR/Dropper.A.12354
7.11.102.100

avast!
AutoIt:Injector-EL [Trj]
2014.9-130823

AVG
Autoit_c
2014.0.3643

Baidu Antivirus
Trojan.Win32.Injector.Autoit
4.0.3.131126

Comodo Security
UnclassifiedMalware
16931

Dr.Web
Trojan.Proxy.25849
9.0.1.0330

Emsisoft Anti-Malware
Trojan.Win32.Llac
8.13.11.26.01

ESET NOD32
Win32/Injector.Autoit.QW (variant)
7.8796

Fortinet FortiGate
W32/Llac.DLEQ!tr
8/23/2013

G Data
Win32.Trojan.Agent.5HZJZO
13.11.22

IKARUS anti.virus
Worm.Win32.AutoIt
t3scan.2.0.127

K7 AntiVirus
Riskware
13.172.9576

Kaspersky
Trojan.Win32.Llac
14.0.0.3766

McAfee
BackDoor-FBEK!F61314009D41
5600.7176

Microsoft Security Essentials
PWS:Win32/Zbot
1.163.1557.0

NANO AntiVirus
Trojan.Win32.Llac.cchdsk
0.26.0.54404

Norman
Troj_Generic.OMDQW
11.20131126

Panda Antivirus
Trj/CI.A
13.11.26.01

Sophos
Troj/AutoIt-WO
4.91

Trend Micro House Call
TROJ_FAKEAV.BMC
7.2.330

Trend Micro
TROJ_FAKEAV.BMC
10.465.26

VIPRE Antivirus
Trojan.Win32.Generic
21438

File size:
1.1 MB (1,183,882 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\priv10-.exe

File PE Metadata
Compilation timestamp:
1/29/2012 1:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:ghkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aR1xv3p+3bX7HMkKk81rkM:oRmJkcoQricOIQxiZY1iaB2Rs

Entry address:
0x165C1

Entry point:
E8, 16, 90, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, 97, 4A, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DD, 03, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 67, 41, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8...
 
[+]

Entropy:
6.5151

Code size:
514 KB (526,336 bytes)

The file priv10-.exe has been seen being distributed by the following URL.

Remove priv10-.exe - Powered by Reason Core Security