win8security_scanner.exe

The executable win8security_scanner.exe has been detected as malware by 35 anti-virus scanners. This is a setup program which is used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from dlfzk.gr8domain.biz.
MD5:
d7e55776ee2a5ca682227ae3174a2b44

SHA-1:
72988818254083230975b20297f6310c0d584ff2

SHA-256:
27448735c40e09ac10aa1873ead57924d30c4c274d8ce132787ea0932a182be4

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
11/25/2024 11:28:43 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Injector | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Pakes | 2013.10.08 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.106.58 |
| avast! | Win32:MalOb-KU [Trj] | 2014.9-160406 |
| AVG | PSW.Generic10 | 2017.0.2782 |
| Bitdefender | Trojan.Generic.KD.744177 | 1.0.20.485 |
| Bkav FE | HW32.CDB | 1.3.0.4246 |
| Comodo Security | TrojWare.Win32.Agent.ODL | 17069 |
| Dr.Web | Trojan.Fakealert.20509 | 9.0.1.097 |
| Emsisoft Anti-Malware | Trojan.Generic.KD.744177 | 8.16.04.06.03 |
| ESET NOD32 | Win32/Injector.XDW (variant) | 10.8888 |
| Fortinet FortiGate | W32/Zbot.AMX!tr | 4/6/2016 |
| F-Prot | W32/Zbot.GH.gen | v6.4.7.1.166 |
| F-Secure | Trojan:W32/Agent.DUFR | 11.2016-06-04_4 |
| G Data | Trojan.Generic.KD.744177 | 16.4.22 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.2.0.127 |
| K7 AntiVirus | Trojan | 13.173.9807 |
| Kaspersky | Trojan-FakeAV.Win32.CProtection | 14.0.0.404 |
| Malwarebytes | Trojan.Agent.PS | v2016.04.06.03 |
| McAfee | PWS-Zbot.gen.amx | 5600.6438 |
| Microsoft Security Essentials | VirTool:Win32/CeeInject.gen!HL | 1.163.1557.0 |
| MicroWorld eScan | Trojan.Generic.KD.744177 | 17.0.0.291 |
| NANO AntiVirus | Trojan.Win32.Zbot.bbugua | 0.26.0.55203 |
| Norman | Cridex.AF | 11.20160406 |
| Panda Antivirus | Trj/Genetic.gen | 16.04.06.03 |
| Quick Heal | VirTool.CeeInject.A | 4.16.12.00 |
| Rising Antivirus | Malware.Injector!497D | 23.00.65.16404 |
| Sophos | Troj/Karag-K | 4.93 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FakeRean | 9221 |
| Total Defense | Win32/CInject.PH | 37.0.10498 |
| Trend Micro House Call | TSPY_ZBOT.SMKK | 7.2.97 |
| Trend Micro | TROJ_GEN.RC5CNIU | 10.465.06 |
| Vba32 AntiVirus | Trojan.Jorik.Zbot | 3.12.24.3 |
| VIPRE Antivirus | VirTool.Win32.CeeInject.gen.hl | 22178 |
| ViRobot | Trojan.Win32.A.CProtection.172544 | 2011.4.7.4223 |

File size:
168.5 KB (172,544 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\win8security_scanner.exe

File PE Metadata
Compilation timestamp:
9/29/2012 1:27:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:i+91LWRubNCPcAlsDs48hu9S1lNKyrqBPyuxeXRYac02rmtci3C:i+1vbN6TwVNUNKNP7x6hcib

Entry address:
0x1240

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 50, 72, 40, 00, E8, A8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 68, 72, 40, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 5C, 72, 40, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 5D, E9, 17, 17, 00, 00, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, B8, 88, 10, 00, 00, E8, 43, 19, 00, 00, 83, E4, F0, B8, 00, 00, 00, 00, 83, C0, 0F, 83, C0, 0F, C1, E8, 04, C1, E0, 04, 89, 85, 94, EF, FF, FF, 8B, 85, 94, EF, FF, FF, E8, 1E, 19...
 

Packer / compiler:
MingWin32 GCC, 0x3.x

Code size:
8 KB (8,192 bytes)

The file win8security_scanner.exe has been seen being distributed by the following URL.
