zsucen loader v5.exe

Zsucen Loader

我只是小天

The executable zsucen loader v5.exe (whose embedded file description reads “http://st.ev123.com/vip_wolfhack.html”) has been detected as malware by 20 of 68 anti-virus scanners. It presents itself as a setup program used to install the application. The engine verdicts below are largely generic or packer-based: ESET classifies it as a packed FlyStudio binary, while Sophos and Fortinet flag VMProtect-protected code (VMProtBad), so the names describe the packaging rather than a specific malware family. The file has been seen being downloaded from s6084.chomikuj.pl.
Publisher:
我只是小天

Product:
Zsucen Loader

Description:
http://st.ev123.com/vip_wolfhack.html

Version:
1.0.0.0

MD5:
a7ad129b9ffb382f991b7f3ba1462c05

SHA-1:
8555baf124d905e17cca6de17905b9845e745ada

SHA-256:
d457081ffd2365c8da082109d63e094ae0bedf73bb4cd7abb4186ff9959ca480

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
11/23/2024 10:23:49 AM UTC

Scan engine            Detection                           Engine version
Agnitum Outpost        Trojan.Packed                       7.1.1
AhnLab V3 Security     HackTool/Win32.Agent                2014.08.12
Avira AntiVirus        TR/Black.Gen2                       7.11.166.108
avast!                 Win32:Malware-gen                   2014.9-160806
AVG                    Win32/Blacked                       2017.0.2659
Baidu Antivirus        Trojan.Win32.Generic                4.0.3.1686
Bkav FE                W32.Clodb72.Trojan                  1.3.0.4959
Comodo Security        UnclassifiedMalware                 19156
ESET NOD32             Win32/FlyStudio.Packed (variant)    10.10237
Fortinet FortiGate     W32/VMProtBad.A                     8/6/2016
F-Secure               Gen:Variant.Kazy.428383             11.2016-06-08_7
IKARUS anti.virus      Trojan.Black                        t3scan.1.6.1.0
K7 AntiVirus           Riskware                            13.183.13014
McAfee                 Artemis!A7AD129B9FFB                5600.6315
NANO AntiVirus         Trojan.Win32.Black.chplhb           0.28.2.61349
Norman                 Troj_Generic.QCVTC                  11.20160806
Qihoo 360 Security     Win32/Trojan.e6d                    1.0.0.1015
Sophos                 Mal/VMProtBad-A                     4.98
Total Defense          Win32/Tnega.KBfAceB                 37.0.11113
VIPRE Antivirus        Trojan.Win32.Generic                32120

File size:
1.8 MB (1,855,488 bytes)

Product version:
1.0.0.0

Copyright:
http://st.ev123.com/vip_wolfhack.html

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\downloads\zsucen loader v5.exe

File PE Metadata
Compilation timestamp:
10/5/2013 5:26:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:dYGiky6rKbxGKTW8acZK0Gh6exE2Go4nbO+a:aGeTWVaZGgey2GDbO+

Entry address:
0x3A132F

Entry point:
9C, C7, 04, 24, 82, 3B, BB, E8, 68, BA, C1, 56, 38, 88, 24, 24, C7, 04, 24, B7, E6, DB, 5A, 68, F8, 80, 20, 84, 9C, 8D, 64, 24, 08, E9, 2B, 8D, 08, 00, 66, 0F, BA, E2, 06, 57, 2F, 28, FC, 3F, 3F, 53, 05, BF, 43, F9, E6, 9F, 60, 89, 54, 24, 1C, 60, 8B, 45, 08, 9C, E8, 49, 4E, 08, 00, E9, 5E, D6, 07, 00, 66, F7, D6, 68, D2, BE, EB, 24, 8B, 7C, 24, 34, 66, 0F, BE, F2, 5E, 51, 5E, 8B, 74, 24, 34, E9, C5, 19, ED, FF, F7, 6A, F7, 3D, F1, 08, FF, 03, 2D, 2C, E3, C2, C9, 9C, 7B, 66, 25, 10, 92, 6B, 32, 95, B4, 0B...

Code size:
444 KB (454,656 bytes)
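The hashes listed above and the PE header fields in this section can be re-derived from the sample itself rather than taken on trust. The script below is an added example (not Reason Core Security's tooling) that parses the MZ/PE headers with the Python standard library, maps the entry RVA to a file offset to read the entry-point bytes, and compares everything against the values on this page. It assumes the page's compilation timestamp is UTC and that "Entry address" is the RVA (AddressOfEntryPoint). The real file is not included, so build_sample_pe() constructs a stand-in PE32 carrying the reported header values; its hashes will of course not match, which is exactly the mismatch compare_hashes() exists to surface.

```python
"""Cross-check a file against the hashes and "File PE Metadata" reported on this page.
Added example, not Reason Core Security tooling; standard library only. Assumptions:
the reported compile timestamp is UTC and "Entry address" is the RVA (AddressOfEntryPoint).
The real sample is not shipped, so build_sample_pe() constructs a stand-in PE32."""
import calendar
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Values copied from the report above.
REPORTED_HASHES = {
    "md5": "a7ad129b9ffb382f991b7f3ba1462c05",
    "sha1": "8555baf124d905e17cca6de17905b9845e745ada",
    "sha256": "d457081ffd2365c8da082109d63e094ae0bedf73bb4cd7abb4186ff9959ca480",
}
REPORTED_META = {"compiled_utc": "2013-10-05 05:26:08", "os_version": "5.0",
                 "bitness": "Win32", "subsystem": "Windows GUI", "linker_version": "6.0",
                 "entry_rva": 0x3A132F, "size_of_code": 454656}
REPORTED_ENTRY_PREFIX = "9C, C7, 04, 24, 82, 3B, BB, E8, 68, BA, C1, 56, 38, 88, 24, 24"
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x14C: "Win32", 0x8664: "Win64"}

def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset using the section table."""
    for _name, vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def parse_pe(data: bytes, ep_bytes: int = 16) -> dict:
    """Walk MZ header -> PE signature -> COFF header -> optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    image_base = (struct.unpack_from("<I", data, opt + 28)[0] if magic == 0x10B     # PE32
                  else struct.unpack_from("<Q", data, opt + 24)[0])                 # PE32+
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
                for i in range(nsections)]
    ep_off = rva_to_offset(entry_rva, sections)
    return {
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": MACHINES.get(machine, f"{machine:#x}"),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{linker_major}.{linker_minor}",
        "entry_rva": entry_rva,
        "entry_va": image_base + entry_rva,   # what a debugger shows once loaded at ImageBase
        "size_of_code": size_of_code,
        "entry_bytes": ", ".join(f"{b:02X}" for b in data[ep_off:ep_off + ep_bytes]),
    }

def compare_hashes(data: bytes) -> dict:
    """True per algorithm when the file's digest equals the reported IOC."""
    return {alg: hashlib.new(alg, data).hexdigest() == want for alg, want in REPORTED_HASHES.items()}

def compare_metadata(info: dict) -> dict:
    """True per field when the parsed header agrees with the report."""
    result = {key: info[key] == want for key, want in REPORTED_META.items()}
    result["entry_bytes"] = info["entry_bytes"].startswith(REPORTED_ENTRY_PREFIX)
    return result

def build_sample_pe() -> bytes:
    """Constructed stand-in for the real file: a minimal PE32 with one section."""
    hdr = bytearray(0x400)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                    # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    coff = 0x84
    ts = calendar.timegm((2013, 10, 5, 5, 26, 8))              # reported compile time, taken as UTC
    struct.pack_into("<HHIIIHH", hdr, coff, 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)
    opt = coff + 20
    struct.pack_into("<HBBI", hdr, opt, 0x10B, 6, 0, 454656)   # PE32, linker 6.0, SizeOfCode
    struct.pack_into("<I", hdr, opt + 16, 0x3A132F)            # AddressOfEntryPoint
    struct.pack_into("<I", hdr, opt + 28, 0x400000)            # ImageBase
    struct.pack_into("<II", hdr, opt + 32, 0x1000, 0x200)      # SectionAlignment, FileAlignment
    struct.pack_into("<HH", hdr, opt + 40, 5, 0)               # MajorOS/MinorOS = 5.0
    struct.pack_into("<H", hdr, opt + 68, 2)                   # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<8sIIII", hdr, opt + 0xE0, b".vmp0", 0x1000, 0x3A1000, 0x400, 0x400)
    body = bytearray(0x400)                                    # raw data of the one section
    prefix = bytes.fromhex(REPORTED_ENTRY_PREFIX.replace(", ", ""))
    body[0x32F:0x32F + len(prefix)] = prefix                   # RVA 0x3A132F -> file offset 0x72F
    return bytes(hdr + body)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(blob)
    print(info, compare_metadata(info), compare_hashes(blob), sep="\n")
```

Run it with a file path to check a real sample; without one it runs against the constructed stand-in. The pattern worth watching for is a header that matches while every hash mismatches: that indicates a recompiled or re-packed variant, which a hash-only indicator would miss. The entry-point bytes the report shows decode to pushfd, mov dword ptr [esp], imm32, push imm32, lea esp, [esp+8] and a jmp rel32, a stack-junk prologue typical of VMProtect-protected entry points and consistent with the VMProtBad verdicts above.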

The file zsucen loader v5.exe has been seen being distributed from s6084.chomikuj.pl.

Remove zsucen loader v5.exe - Powered by Reason Core Security