shared_image_friend_001.jpg.exe

The executable shared_image_friend_001.jpg.exe has been detected as malware by 36 of 68 anti-virus scanners. The file name uses a double extension: on a Windows system that hides known file extensions (the default), it is displayed as shared_image_friend_001.jpg and looks like a shared photo, while the real extension is .exe. The site classifies the file as a setup program (installer). The detection names are mixed (Sharik, Injector, Upatre, Dofoil, CoinMiner and several generic names appear alongside Zbot/Panda), but according to the detections it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from the compromised computer and send it to online criminals through a command-and-control server. The file has been seen being downloaded from www.jakeshotel.com.
MD5:
29302a04c99917cdd3fb28e6344a9c30

SHA-1:
c6497036f9066b7b7ab37c545f9bb67592d814a8

SHA-256:
79383be6e083c033001f83705c7624e1d79b3bc1211e8d2526ee2c4bb1ebb5bb

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
11/24/2024 12:41:22 AM UTC

Scan engine                    Detection                        Engine version
Lavasoft Ad-Aware              Gen:Variant.Kazy.380270          365
Agnitum Outpost                Trojan.Sharik                    7.1.1
AhnLab V3 Security             Trojan/Win32.Ransomlock          2015.09.24
Avira AntiVirus                TR/Dldr.Dofoil.T.57              8.3.2.2
Arcabit                        Trojan.Kazy.D5CD6E               1.0.0.567
avast!                         Win32:Agent-AYDC [Trj]           2014.9-160204
AVG                            CoinMiner                        2017.0.2843
Baidu Antivirus                Trojan.Win32.Injector            4.0.3.1624
Bitdefender                    Gen:Variant.Kazy.380270          1.0.20.175
Bkav FE                        W32.VielatsLTAAA.Trojan          1.3.0.7237
Comodo Security                UnclassifiedMalware              23291
Dr.Web                         Trojan.PWS.Panda.5841            9.0.1.035
Emsisoft Anti-Malware          Gen:Variant.Kazy.380270          8.16.02.04.10
ESET NOD32                     Win32/Injector.BEJX (variant)    10.12296
Fortinet FortiGate             W32/Sharik.SNO!tr                2/4/2016
F-Prot                         W32/S-b73dc9e1                   v6.4.7.1.166
F-Secure                       Gen:Variant.Kazy.380270          11.2016-04-02_5
G Data                         Gen:Variant.Kazy.380270          16.2.25
IKARUS anti.virus              Trojan.CoinMiner                 t3scan.1.9.5.0
K7 AntiVirus                   Trojan                           13.210.17314
Kaspersky                      HEUR:Trojan.Win32.Generic        14.0.0.710
Malwarebytes                   Spyware.Zbot.ED                  v2016.02.04.10
McAfee                         Generic-FAUT!29302A04C999        5600.6499
Microsoft Security Essentials  Trojan:Win32/Bagsu!rfn           1.1.12101.0
MicroWorld eScan               Gen:Variant.Kazy.380270          17.0.0.105
NANO AntiVirus                 Trojan.Win32.Stealer.cxosgn      0.30.26.3725
Panda Antivirus                Trj/Dtcontx.L                    16.02.04.10
Qihoo 360 Security             Win32/Trojan.0f1                 1.0.0.1015
Quick Heal                     TrojanDownloader.Upatre.A4       2.16.14.00
Rising Antivirus               PE:Malware.RDM.40!5.2E[F1]       23.00.65.16202
Sophos                         Mal/Generic-S                    4.98
Trend Micro House Call         TROJ_MALKRYP.SM1                 7.2.35
Trend Micro                    TROJ_MALKRYP.SM1                 10.465.04
Vba32 AntiVirus                Trojan.Sharik                    3.12.26.4
VIPRE Antivirus                Trojan.Win32.Agent.agyk          44014
Zillya! Antivirus              Trojan.Sharik.Win32.656          2.0.0.2412

Note that the engine versions and signature dates listed above fall in 2014-2017, well before the analysis date shown; the detection names reflect the signatures of that period.

File size:
100 KB (102,400 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\shared_image_friend_001.jpg.exe

File PE Metadata
Compilation timestamp:
5/1/2014 7:24:35 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:AaNf9n9ZwiyxFWIXfvkxKr1ru+3wM18BmowhIduSM6g:AaNf9n92WycxKrluiwESc5

Entry address:
0x1DCB

Entry point (as labelled by the scanner; the bytes shown are the first 128 bytes of the file, i.e. the DOS MZ header and stub with e_lfanew = 0xE8 at offset 0x3C, not the code at the entry address 0x1DCB):
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E8, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Code size:
12 KB (12,288 bytes)
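The PE metadata listed above (bitness, compilation timestamp, linker version, OS version, subsystem, entry address, code size) can be read directly from the file's bytes instead of being taken on trust from a scan report. The following Python script is an added example, not code from the report or from any scanner vendor: it parses those fields from a PE header and also checks a file name for the double-extension trick used by this sample. The only bytes taken from the report are the 128 bytes listed under "Entry point" (the MZ header and DOS stub). Everything past offset 0x80, including the PE/COFF header and the optional header, is constructed here to carry the values the report lists (x64, 2014-05-01 07:24:35 UTC, linker 9.0, OS 4.0, GUI subsystem, entry RVA 0x1DCB, 12 KB of code), because the report does not publish those bytes; the machine value 0x8664 therefore reproduces the report's "Win64" claim rather than confirming it.

```python
"""Verify PE header metadata and spot double-extension file names.

Added example for this scan report; not code from the report or from any
scanner vendor. Standard library only.
"""
import struct
from datetime import datetime, timezone

# The 128 bytes listed under "Entry point" in the report. They are the DOS
# (MZ) header and stub, not code: e_lfanew (offset 0x3C) = 0xE8 points at
# the real PE signature, which the report does not show.
MZ_HEADER_FROM_REPORT = bytes.fromhex(
    "4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00"
    "B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00"
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
    "00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00"
    "0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68"
    "69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F"
    "74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20"
    "6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00"
)

MACHINE_NAMES = {0x14C: "x86 (Win32)", 0x8664: "x64 (Win64)",
                 0x1C0: "ARM", 0xAA64: "ARM64"}
PE_FORMATS = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows console"}


def build_sample_pe() -> bytes:
    """CONSTRUCTED PE32+ header carrying the values the report lists.
    Bytes 0x80-0xE7 (where a Rich header usually sits) are zero-filled,
    and the data directories at the end of the optional header are zero."""
    link_time = int(datetime(2014, 5, 1, 7, 24, 35,
                             tzinfo=timezone.utc).timestamp())
    # COFF header: Machine, NumberOfSections, TimeDateStamp, symbol table
    # pointer/count, SizeOfOptionalHeader, Characteristics.
    coff = struct.pack("<HHIIIHH", 0x8664, 3, link_time, 0, 0, 240, 0x0022)
    opt = struct.pack(
        "<HBBIIIIIQIIHHHHHHIIIIHH",
        0x20B, 9, 0,              # PE32+ magic, linker 9.0
        0x3000, 0x8000, 0,        # SizeOfCode (12 KB), init data, uninit data
        0x1DCB, 0x1000,           # AddressOfEntryPoint, BaseOfCode
        0x140000000,              # ImageBase (8 bytes in PE32+)
        0x1000, 0x200,            # SectionAlignment, FileAlignment
        4, 0, 0, 0, 4, 0,         # OS 4.0, image 0.0, subsystem 4.0
        0, 0xD000, 0x400, 0,      # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0x8140)                # Subsystem = Windows GUI, DllCharacteristics
    opt += b"\x00" * (240 - len(opt))
    dos_part = MZ_HEADER_FROM_REPORT + b"\x00" * (0xE8 - len(MZ_HEADER_FROM_REPORT))
    return dos_part + b"PE\x00\x00" + coff + opt


def parse_pe_header(data: bytes) -> dict:
    """Extract the fields a scan report typically shows from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsections, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic, major_linker, minor_linker, size_of_code = struct.unpack_from("<HBBI", data, opt_off)
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    # From SectionAlignment (offset 32) onward PE32 and PE32+ share offsets:
    # PE32's 4-byte BaseOfData + 4-byte ImageBase occupy the same 8 bytes as
    # PE32+'s 8-byte ImageBase, so OS version and Subsystem need no branch.
    major_os, minor_os = struct.unpack_from("<HH", data, opt_off + 40)
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]
    return {
        "e_lfanew": e_lfanew,
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "pe_format": PE_FORMATS.get(magic, hex(magic)),
        "sections": nsections,
        "link_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc)
                                 .strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{major_linker}.{minor_linker}",
        "os_version": f"{major_os}.{minor_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_point_rva": entry_rva,
        "size_of_code": size_of_code,
    }


EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "ps1"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "txt"}


def masquerade_extension(filename: str):
    """Return the decoy extension when `filename` uses the double-extension
    trick (photo.jpg.exe -> 'jpg'), else None. Windows hides the final
    extension by default, so the victim sees 'photo.jpg'."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 3:
        return None
    _, decoy, real = parts
    return decoy if real in EXEC_EXTS and decoy in DECOY_EXTS else None


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_pe()).items():
        print(f"{key:16} {value}")
    print("decoy extension:", masquerade_extension("shared_image_friend_001.jpg.exe"))
```

To check the real sample, call `parse_pe_header(open(path, "rb").read())` on the file and compare each field with the report: the Machine word at e_lfanew+4 (0x14C or 0x8664) settles the Win32/Win64 question, and the TimeDateStamp is trivially forged by the author, so treat the 2014 compilation date as a hint, not evidence.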

The file shared_image_friend_001.jpg.exe has been seen being distributed from www.jakeshotel.com, the download source named above.

Remove shared_image_friend_001.jpg.exe - Powered by Reason Core Security