» zeusdemo.exe
Overview
Analysis
File Details
Downloads (9)

zeusdemo.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.gry-online.pl and multiple other hosts.

File name:

zeusdemo.exe

MD5:

a985758764ff875c388bf45866669a0d

SHA-1:

ca276377080f38ef4d1220968160ea0ddc0d6611

SHA-256:

84c187c4873a87e28d68ab843787fe841f64b4b28669fdd2fef7ab268d945c08

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/23/2024 10:11:34 AM UTC (today)

File size:

46.5 MB (48,752,525 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\zeusdemo.exe

File PE Metadata

Compilation timestamp:

9/13/1996 7:39:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

4.20

CTPH (ssdeep):

786432:ceuQV9/XrNGtJlwQ6coc5di0l5WHFcyDmEyTAVHRJw6+KOGD:cepvbN31coc5dTlMHRbeKpD

Entry address:

0x323D

Entry point:

FF, 15, 58, 82, 40, 00, B1, 22, 38, 08, 74, 02, B1, 20, 40, 80, 38, 00, 74, 10, 38, 08, 74, 06, 40, 80, 38, 00, 75, F6, 80, 38, 00, 74, 01, 40, 33, C9, 51, 50, 51, 51, FF, 15, 5C, 82, 40, 00, 50, E8, 86, F8, FF, FF, C3, 55, 8B, EC, 83, EC, 28, 56, 8B, 45, 08, 33, F6, 89, 45, E8, 89, 75, E0, 89, 75, EC, C7, 45, D8, 03, 00, 00, 00, C7, 45, DC, CB, 32, 40, 00, C7, 45, E4, 04, 00, 00, 00, 68, 00, 7F, 00, 00, 56, FF, 15, 94, 83, 40, 00, 89, 45, F0, 89, 75, F4, 8D, 45, D8, 89, 75, F8, C7, 45, FC, 80, 68, 40, 00... 
[+]

Entropy:

7.9992

Packer / compiler:

WinZip, 0x32-bit SFX v6.x module

Code size:

14.5 KB (14,848 bytes)

The file zeusdemo.exe has been seen being distributed by the following 9 URLs.

http://www.gry-online.pl/.../przekieruj_ftp.asp?TOKEN=SUYrN2xqUXFHbVg5KzhybjBrRUwxYTFWcUR0QWhtM0Q3emtEejVJODhXbVkxTDZTbzhjZFBtR0hiNVR1M1JmeDhSOUlRVDFGTlBkV3F0TlBOMlJTaVAvVEx6NU0wN1UyNk8rOCtaRFBvYXZIcytWdjNZdFBXMno0L0E3cjhjblY=

http://i.download.idg.pl/fannef/8b035f0e95304f7590dfb93b0f6cfc4a/54d766b3//zx/cyberjoy/dema/.../zeusdemo.exe

http://www.gry-online.pl/.../przekieruj_ftp.asp?TOKEN=SUYrN2xqUXFHbVg5KzhybjBrRUwxYTFWcUR0QWhtM0Q3emtEejVJODhXbjZicE1OZURRSkFzN24zeW5jQUs0SXRmcUR4ZCtYOHg2NmFsQ3l4V3ZqdU1iUk5XWFZVN2lFc0dYTkdEYk9QWnJabEhoRnQ1MlpMZ1FQL3h0ejhVZnQ=

http://www.gry-online.pl/.../przekieruj_ftp.asp?TOKEN=SUYrN2xqUXFHbVg5KzhybjBrRUwxYTFWcUR0QWhtM0Q3emtEejVJODhXbWw4TXU0blA4NklNUUc1eDk1N1Y0SmFhWW55OS9neEhuS3dPVVBmaC8ybm9YNUZjYnFNYU53OHVOMnMzY24yTnZaU0s3UThacTc4UUdkdHhIeHhYek4=

http://i.download.idg.pl/fannef/123125bdd7c88b5662d5b07ab112c90e/57a1e0c9//zx/cyberjoy/dema/.../zeusdemo.exe

http://www.gry-online.pl/.../przekieruj_ftp.asp?TOKEN=SUYrN2xqUXFHbVg5KzhybjBrRUwxYTFWcUR0QWhtM0Q3emtEejVJODhXbHRmdkorTjEvbE1EVjd3WW9VcEdVK0Y2ZUtYWEZkaEE5cW9wc0V4SEdkOWJEM1piZndMOFpEQmRjMktjYWUrSzFycGxidlNPU0kwejVJTkZzbHRLTXg=

http://files.pobierz.pl/files/.../zeusdemo(downloads.pl).exe

http://i.download.idg.pl/fannef/a3abdeeb9ad6390b3eef5b2f6d486d94/562cffec//zx/cyberjoy/dema/.../zeusdemo.exe

http://files.downloadnow.com/s/software/35/83/30/.../zeusdemo.exe

Scan zeusdemo.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.