spring-holiday-img-shared-set001.jpeg.exe

Histogram Application

The executable spring-holiday-img-shared-set001.jpeg.exe has been detected as malware by 36 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from catalog.chaosium.com and multiple other hosts.
Product:
Histogram Application

Description:
Histogram

Version:
1, 0, 0, 1

MD5:
4600871bcfa47d70685d5f32fa1c6723

SHA-1:
053c58572dbc6fcd772d228460cc8d81482089d0

SHA-256:
5aee30a712181f9ad42dddead83b5ed8f13c9ffca2606331b01de01ed3e63a06

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/24/2025 8:52:52 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1613695 | 902
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Spyware/Win32.Zbot | 2014.08.13
Avira AntiVirus | TR/Spy.ZBot.rwtua | 7.11.166.228
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-140817
AVG | BackDoor.Generic18 | 2015.0.3380
Baidu Antivirus | Backdoor.Win32.Napolar | 4.0.3.14817
Bitdefender | Trojan.GenericKD.1613695 | 1.0.20.1145
Bkav FE | W32.NvupdateSAJ.Trojan | 1.3.0.4959
Comodo Security | UnclassifiedMalware | 19174
Dr.Web | Trojan.PWS.Panda.5841 | 9.0.1.0229
Emsisoft Anti-Malware | Trojan.GenericKD.1613695 | 8.14.08.17.05
ESET NOD32 | Win32/Injector.BAHG (variant) | 8.10247
Fortinet FortiGate | W32/Kryptik.QJ!tr | 8/17/2014
F-Secure | Trojan.GenericKD.1613695 | 11.2014-17-08_1
G Data | Trojan.GenericKD.1613695 | 14.8.24
IKARUS anti.virus | Trojan-Spy.Zbot | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.183.13029
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3394
Malwarebytes | Spyware.Zbot | v2014.08.17.05
McAfee | Necurs-FAUT!4600871BCFA4 | 5600.7036
Microsoft Security Essentials | Trojan:Win32/Napolar.A | 1.10802
MicroWorld eScan | Trojan.GenericKD.1613695 | 15.0.0.687
NANO AntiVirus | Trojan.Win32.Panda.cwblem | 0.28.2.61519
Norman | Troj_Generic.TCZQO | 11.20140817
nProtect | Trojan.GenericKD.1613695 | 14.08.13.01
Panda Antivirus | Trj/CI.A | 14.08.17.05
Qihoo 360 Security | Win32/Trojan.f64 | 1.0.0.1015
Quick Heal | TrojanPWS.Zbot.AP4 | 8.14.14.00
Sophos | Mal/Zbot-QJ | 4.98
Total Defense | Win32/CInject.ITUWdZC | 37.0.11116
Trend Micro House Call | TROJ_SPNR.09CP14 | 7.2.229
Trend Micro | TROJ_SPNR.09CP14 | 10.465.17
Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.26.3
VIPRE Antivirus | Trojan-Ransom.Win32.Crypren.pql | 32174
XVirus List | Win32.Detected | 2.8.17

File size:
162.9 KB (166,760 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2001

Original file name:
Histogram.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\spring-holiday-img-shared-set001.jpeg.exe

File PE Metadata
Compilation timestamp:
3/12/2014 8:57:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:/6tJ+MPxyL7uGsO6vD8A2cX9mTScsDG3yUDOCV4EfizKfvJQxl://fu1t2gIplV4Efi+XKH

Entry address:
0x2CD0

Entry point:
55, 8B, EC, 6A, FF, 68, 70, 47, 40, 00, 68, 56, 2E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 34, 42, 40, 00, 59, 83, 0D, 30, 62, 40, 00, FF, 83, 0D, 34, 62, 40, 00, FF, FF, 15, 30, 42, 40, 00, 8B, 0D, 24, 62, 40, 00, 89, 08, FF, 15, 2C, 42, 40, 00, 8B, 0D, 20, 62, 40, 00, 89, 08, A1, 28, 42, 40, 00, 8B, 00, A3, 2C, 62, 40, 00, E8, 16, 01, 00, 00, 39, 1D, 40, 60, 40, 00, 75, 0C, 68, 52, 2E, 40, 00, FF, 15, 24, 42...
 

Entropy:
7.5392

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
12 KB (12,288 bytes)

The file spring-holiday-img-shared-set001.jpeg.exe has been seen being distributed by the following 2 URLs.
