streaming_player_start_playing.avi.exe

The executable streaming_player_start_playing.avi.exe has been detected as malware by 36 anti-virus scanners. This is a setup program which is used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from catalog.chaosium.com and multiple other hosts.
MD5:
03b338f7d6f8a6ac767acddb85e59bb1

SHA-1:
e3cb1c4bf9fda5f8b6219aea2330c8e3fc19a802

SHA-256:
e2988f8b091587b78b6bf2d7cddb1843f6b3889a60548fbf2c0348a6c0aaf3a1

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/25/2025 2:50:29 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKDZ.25036 | 369 |
| Agnitum Outpost | Trojan.Injector | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Ransomlock | 2015.04.22 |
| Avira AntiVirus | TR/Injector.akrz | 3.6.1.96 |
| avast! | Win32:Napolar-BB [Trj] | 2014.9-160131 |
| AVG | SHeur4 | 2017.0.2847 |
| Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.16131 |
| Bitdefender | Trojan.GenericKDZ.25036 | 1.0.20.155 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Comodo Security | TrojWare.Win32.Injector.BBSG | 21848 |
| Dr.Web | Trojan.PWS.Panda.5841 | 9.0.1.031 |
| Emsisoft Anti-Malware | Trojan.GenericKDZ.25036 | 8.16.01.31.09 |
| ESET NOD32 | Win32/Injector.BBTZ | 10.11509 |
| Fortinet FortiGate | W32/Necurs.JQ!tr | 1/31/2016 |
| F-Secure | Trojan.GenericKDZ.25036 | 11.2016-31-01_1 |
| G Data | Trojan.GenericKDZ.25036 | 16.1.25 |
| IKARUS anti.virus | Virus.Win32.CeeInject | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.203.15660 |
| Kaspersky | Trojan.Win32.Reconyc | 14.0.0.730 |
| Malwarebytes | Spyware.Zbot.ED | v2016.01.31.09 |
| McAfee | Generic-FAUT!03B338F7D6F8 | 5600.6503 |
| Microsoft Security Essentials | Trojan:Win32/Napolar.A | 1.1.11602.0 |
| MicroWorld eScan | Trojan.GenericKDZ.25036 | 17.0.0.93 |
| NANO AntiVirus | Trojan.Win32.Reconyc.cwwxqt | 0.30.20.1219 |
| Norman | Troj_Generic.TNHEM | 11.20160131 |
| nProtect | Trojan.GenericKDZ.25036 | 15.04.20.01 |
| Panda Antivirus | Trj/Genetic.gen | 16.01.31.09 |
| Qihoo 360 Security | Win32/Trojan.e8b | 1.0.0.1015 |
| Quick Heal | TrojanPWS.Zbot.AP4 | 1.16.14.00 |
| Sophos | Mal/Zbot-QT | 4.98 |
| Trend Micro House Call | TROJ_SPNR.09DE14 | 7.2.31 |
| Trend Micro | TROJ_SPNR.09DE14 | 10.465.31 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.Hlux | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39548 |
| ViRobot | Trojan.Win32.S.Agent.176128.RU[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Reconyc.Win32.1334 | 2.0.0.2146 |

File size:
172 KB (176,128 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\streaming_player_start_playing.avi.exe

File PE Metadata
Compilation timestamp:
4/6/2014 11:34:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
4.0

CTPH (ssdeep):
3072:bf98tfB+/1AzurMPwutRWaqgmy9XrUgpnuRCjMba3onlaFYH:r9eBqy7nbXrtVuRCYbSGYF6

Entry address:
0x31BE

Entry point:
55, 8B, EC, 6A, FF, 68, C8, 49, 40, 00, 68, 46, 35, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 4C, 42, 40, 00, 59, 83, 0D, 58, 64, 40, 00, FF, 83, 0D, 5C, 64, 40, 00, FF, FF, 15, 50, 42, 40, 00, 8B, 0D, 4C, 64, 40, 00, 89, 08, FF, 15, 54, 42, 40, 00, 8B, 0D, 48, 64, 40, 00, 89, 08, A1, 58, 42, 40, 00, 8B, 00, A3, 54, 64, 40, 00, E8, 15, 03, 00, 00, 39, 1D, E0, 60, 40, 00, 75, 0C, 68, 26, 11, 40, 00, FF, 15...
 

Entropy:
7.6102

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
12 KB (12,288 bytes)

The file streaming_player_start_playing.avi.exe has been seen being distributed by the following 3 URLs.

http://catalog.chaosium.com/?4mwbqcinc7zu0w=73896e93dc0e73d4
