weapozqulfyp.exe

The executable weapozqulfyp.exe has been detected as malware by 25 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server. While running, it connects to the Internet address static.115.86.76.144.clients.your-server.de on port 80 using the HTTP protocol.
MD5:
7c33752ecd15a3a9b2c535ebe8147cb5

SHA-1:
2a5cca50e31f66fc92e1d973996f45e69fd98ae6

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
11/27/2024 3:37:06 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKDZ.25054
1011

AhnLab V3 Security
Trojan/Win32.Ransomlock
14.04.30

Avira AntiVirus
TR/Crypt.ZPACK.65486
7.11.145.90

avast!
Win32:Zbot-TNW [Trj]
2014.9-140430

AVG
SHeur4
2015.0.3489

Baidu Antivirus
Trojan.Win32.Injector
4.0.3.14430

Bitdefender
Trojan.GenericKDZ.25054
1.0.20.600

Dr.Web
Trojan.Packed.26550
9.0.1.0120

Emsisoft Anti-Malware
Trojan.GenericKDZ.25054
8.14.04.30.10

ESET NOD32
Win32/Injector.BCLI
8.9726

Fortinet FortiGate
W32/Dorifel.AJZI!tr
4/30/2014

F-Secure
Trojan.GenericKDZ.25054
11.2014-30-04_4

G Data
Trojan.GenericKDZ.25054
14.4.24

IKARUS anti.virus
Trojan-Spy.Zbot
t3scan.1.6.1.0

Kaspersky
Trojan-Dropper.Win32.Dorifel
14.0.0.3938

Malwarebytes
Spyware.Zbot.ED
v2014.04.30.10

McAfee
BackDoor-FBZC!7C33752ECD15
5600.7145

Microsoft Security Essentials
TrojanDownloader:Win32/Cutwail
1.10502

MicroWorld eScan
Trojan.GenericKDZ.25054
15.0.0.360

Norman
Agent.BCBLJ
11.20140430

Panda Antivirus
Trj/Genetic.gen
14.04.30.10

Qihoo 360 Security
HEUR/Malware.QVM19.Gen
1.0.0.1015

Sophos
Troj/Agent-AGVJ
4.98

Trend Micro
TSPY_FAREIT.SMT5
10.465.30

ViRobot
Trojan.Win32.Inject.114688.K
2011.4.7.4223

File size:
116 KB (118,784 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\pam.schneideron\weapozqulfyp.exe

File PE Metadata
Compilation timestamp:
4/23/2014 4:34:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
3072:w2XF7B9niBEktMkqmRgjDoAsCv//x7fGO8:n9VhmRggKndE

Entry address:
0x1D0C

Entry point:
55, 8B, EC, 6A, FF, E9, E4, 1B, 00, 00, 68, 46, 35, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, E8, F0, 18, 00, 00, 8B, CF, 83, 0D, 58, 64, 40, 00, FF, 83, 0D, 5C, 64, 40, 00, FF, E8, A5, 03, 00, 00, 90, 8B, 0D, 4C, 64, 40, 00, 89, 08, E8, 17, 08, 00, 00, 90, 8B, 0D, 48, 64, 40, 00, 89, 08, A1, 58, 42, 40, 00, 8B, 00, A3, 54, 64, 40, 00, E8, C6, 09, 00, 00, 39, 1D, E0, 60, 40, 00, 75, 0C, 68, 26, 11, 40, 00, 90, 90...
 
[+]

Entropy:
7.3329

Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to vme49ee.bsws.de  (81.209.182.37:80)

TCP (HTTP):
Connects to unknown.scnet.net  (204.93.213.45:80)

TCP (HTTP):
Connects to structives.com  (70.32.113.95:80)

TCP (HTTP):
Connects to static.115.86.76.144.clients.your-server.de  (144.76.86.115:80)

TCP (HTTP):
Connects to o-ho.ru  (78.47.135.34:80)

TCP (HTTP):
Connects to nina.juizi.com  (5.9.122.172:80)

TCP (HTTP):
Connects to nakedcumshots.com  (64.59.81.104:80)

TCP (HTTP):
Connects to msatest.com  (216.70.112.211:80)

TCP (HTTP):
Connects to msasys.com  (205.186.132.26:80)

TCP (HTTP):
Connects to mhintdin-unix.alicomitalia.it  (95.110.192.171:80)

TCP (HTTP):
Connects to ec2-54-229-116-65.eu-west-1.compute.amazonaws.com  (54.229.116.65:80)

TCP (HTTP):
Connects to cluster010.ovh.net  (213.186.33.19:80)

TCP (HTTP):
Connects to 173.192.210.69-static.reverse.softlayer.com  (173.192.210.69:80)

Remove weapozqulfyp.exe - Powered by Reason Core Security