security_scanner.exe

The executable security_scanner.exe has been detected as malware by 31 anti-virus scanners. The file has been seen being downloaded from oruzwi.justdied.com.
MD5:
dbc350707641e4d0ff14eba59b230b7f

SHA-1:
cafb9a86a717e536f4185e472f3031e5dec3d538

SHA-256:
cb0132cae7cd82d3cfc2ab8c22a16f3174b6affae3c9fc00145a243119df4f17

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
11/25/2024 11:33:03 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Spyware/Win32.Zbot | 2013.01.31
Avira AntiVirus | TR/Obfuscate.ACP.131 | 7.11.59.56
avast! | Win32:Fareit-AS [Trj] | 2014.9-160212
AVG | FakeAlert | 2017.0.2835
Bitdefender | Trojan.Generic.KDV.814206 | 1.0.20.215
Comodo Security | Heur.Suspicious | 15110
Dr.Web | Trojan.Fakealert.20509 | 9.0.1.043
Emsisoft Anti-Malware | Trojan.FakeAV.Win32.CProtection.AMN | 8.16.02.12.03
ESET NOD32 | Win32/Kryptik.ATAB (variant) | 10.7951
Fortinet FortiGate | W32/Zbot.ANQ!tr | 2/12/2016
F-Secure | Trojan.Generic.KDV.814206 | 11.2016-12-02_6
G Data | Trojan.Generic.KDV.814206 | 16.2.22
IKARUS anti.virus | Virus.FakeAlert | t3scan.1.3.5.0
K7 AntiVirus | EmailWorm | 13.160.8166
Kaspersky | Trojan-FakeAV.Win32.CProtection | 14.0.0.672
Malwarebytes | Trojan.Agent | v2016.02.12.03
McAfee | PWS-Zbot.gen.ary | 5600.6491
Microsoft Security Essentials | Rogue:Win32/FakeRean | 1.163.1557.0
MicroWorld eScan | Trojan.Generic.KDV.814206 | 17.0.0.129
NANO AntiVirus | Trojan.Win32.FakeAV.bedfwd | 0.22.8.49711
Norman | Troj_Generic.GFCZS | 11.20160212
nProtect | Trojan.Generic.KDV.814206 | 13.01.30.01
Panda Antivirus | Trj/Agent.MIZ | 16.02.12.03
Quick Heal | TrojanFakeAV.CProtection.enq | 2.16.12.00
Sophos | Mal/Katusha-N | 4.85
SUPERAntiSpyware | Trojan.Agent/Gen-Crypted | 9328
Trend Micro House Call | TROJ_FAKEAV.KCZ | 7.2.43
Trend Micro | TROJ_FAKEAV.KCZ | 10.465.12
Vba32 AntiVirus | OScope.Malware-Cryptor.LOL.8113 | 3.12.20.0
VIPRE Antivirus | Trojan.Win32.Generic | 15308
ViRobot | Trojan.Win32.A.CProtection.243200 | 2011.4.7.4223

File size:
237.5 KB (243,200 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\security_scanner.exe

File PE Metadata
Compilation timestamp:
4/28/2011 10:10:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:bKG8hAsKyeusalWk68eVgha6im9SUqgoih8HWb:bKG8hAny2al96zVPmEUq7ih9

Entry address:
0x4737

Entry point:
55, 8B, EC, 83, E4, F8, 83, EC, 3C, 53, 56, 57, 68, 86, 94, 40, 00, C7, 44, 24, 24, 8E, 83, 49, F1, C7, 44, 24, 2C, 8F, 83, 49, F1, 68, BA, 94, 40, 00, FF, 15, A8, CF, 4D, 00, 6A, 01, 6A, 00, FF, 15, B0, CF, 4D, 00, 8D, 44, 24, 34, 89, 44, 24, 1C, 8D, 55, 04, E8, 30, D8, FF, FF, A3, 7E, 94, 40, 00, A1, 7E, 94, 40, 00, 8B, 40, 04, A3, 26, 94, 40, 00, A1, 7E, 94, 40, 00, 8B, 40, 08, A3, 76, 94, 40, 00, A1, 7E, 94, 40, 00, 8B, 40, 0C, A3, 7A, 94, 40, 00, C7, 44, 24, 10, 00, 00, 00, 00, A1, 26, 94, 40, 00, A3...
 

Entropy:
7.0935

Developed / compiled with:
Microsoft Visual C++

Code size:
31.5 KB (32,256 bytes)

The file security_scanner.exe has been seen being distributed by the following URL.
