vd-zingspeed-setup-106.exe

The executable vd-zingspeed-setup-106.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from download.game.zing.vn.
MD5:
d78031ad3c40e213f9ca10a858223db2

SHA-1:
ae47a5ca239ad80c59e6b1049d1697131a57012c

SHA-256:
ec0036d9b10b59e8bf28301fa5e64c4f6db7ea0e9e4667a0681f1d4cd68f5f79

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/25/2024 9:27:13 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Kukacka | 160327-1
Dr.Web | Win32.Sector.30 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
Kaspersky | Virus.Win32.Sality | 15.0.0.562
McAfee | Virus.W32/Sality.gen.z | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.219.450.0
Norman | Win32.Sality.3 | 02.04.2016 17:35:19

File size:
1.2 MB (1,241,976 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\vd-zingspeed-setup-106.exe

File PE Metadata
Compilation timestamp:
2/17/2012 9:55:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:m3nZ/fbBRtabsnr7SQqlrxShx/AnYkLpLwwGF2ynphYy:m/X/r7wHA4nYkLpLj3ynLn

Entry address:
0xB583

Entry point:
60, 0F, A5, D0, 86, D4, F6, D3, 0F, C8, C1, D9, 81, 0F, CB, 89, C5, 0F, B6, D6, 0F, C0, F8, 0F, BD, E8, 80, E2, 8C, 2B, F0, 0F, A4, D2, 97, 0F, BA, FD, 29, 56, 68, 7D, 3A, B9, 00, 0F, BB, D6, 0D, 44, B4, 04, E2, C7, C5, 70, 6E, 68, 1B, 15, 78, 2D, B8, 30, 0F, BA, FD, 7D, E8, 00, 00, 00, 00, 0F, AF, C7, D3, FA, 69, F6, 1C, 29, C3, 1A, 0F, BC, DF, 40, 68, 32, 0D, 00, 00, F7, C6, 13, 44, 84, 55, 59, 0F, C1, FA, 8D, 05, 71, 40, 62, 3A, 0F, CB, 81, C1, FA, 01, 00, 00, 4F, BA, 09, 38, 41, 69, C0, F4, 6D, F2, 69...
 

Entropy:
7.9577  (probably packed)

Code size:
71.5 KB (73,216 bytes)

The file vd-zingspeed-setup-106.exe has been seen being distributed by the following URL.
