
PWSteal.Zbot.AJ

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 1,606
Threat Level: 50 % (Medium)
Infected Computers: 75,093
First Seen: April 29, 2013
Last Seen: January 31, 2026
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor   Detection
Panda              Generic Trojan
AVG                SHeur4.AYNG
Ikarus             Trojan.SuspectCRC
AntiVir            TR/Agent.AQTJ.3
Avast              Win32:Agent-AQTJ [Trj]
Panda              Trj/Dtcontx.D
AVG                PSW.Generic11.HMV
Fortinet           W32/Injector.AFPT!tr
Ikarus             Backdoor.Win32.Zegost
AhnLab-V3          Spyware/Win32.Zbot
Microsoft          PWS:Win32/Zbot.AJ
AntiVir            TR/Zusy.45135
Comodo             Heur.Suspicious
Kaspersky          Backdoor.Win32.Zegost.sey
Avast              Win32:Rootkit-gen [Rtk]

File System Details

PWSteal.Zbot.AJ may create the following file(s):
# File Name MD5 Detections
1. uaccache.exe 3643177f2b3597583134a14ca3f492aa 15
2. 7798394.exe 8a4c452974395c114083f107b3fc9868 1

Analysis Report

General information

Family Name: PUP.Keygen.M
Packers: ASPack v2.12
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name The Serials 2000 Rocks Team
File Description
  • MFC-Anwendung bactinet
  • Serials 2000 Pro Internet Edition
File Version
  • 3, 0, 0, 5
  • 1.00
  • 1, 0, 0, 1
Internal Name
  • bactinet
  • serial2k
  • TJprojMain
Legal Copyright
  • (c)Serials 2000 Crew
  • Copyright (C) 2001
Original Filename
  • bactinet.EXE
  • serial2k.EXE
  • TJprojMain.exe
Product Name
  • Anwendung bactinet
  • Project1
  • Serials 2000 3rd Edition [Final]
Product Version
  • 3, 0, 0, 5
  • 1.00
  • 1, 0, 0, 1

File Traits

  • .adata
  • .aspack
  • 2+ executable sections
  • ASPack v2.11x
  • ASPack v2.12
  • ASPack v2_11d
  • HighEntropy
  • MPRESS
  • MPRESS Win32
  • Native MPRESS x86
  • No Version Info
  • ntdll
  • packed
  • x86

Block Information

Total Blocks: 198
Potentially Malicious Blocks: 15
Whitelisted Blocks: 141
Unknown Blocks: 42

Similar Families

  • Keygen.M
  • Patcher.B
  • Phorpiex.CBD

Files Modified

File Attributes
c:\users\user\appdata\local\temp\~df035055ea305c9d8e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df7951cb5c0b574e48.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dfde946ef6e24122b6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\system.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\syswow64\bassmod.dll Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\egame\cid::id RegNtPreCreateKey
HKLM\software\wow6432node\egame\msgq::83|2025-10-26 17:46:46:0 RegNtPreCreateKey
HKLM\software\wow6432node\egame\83::starts  RegNtPreCreateKey
HKLM\software\wow6432node\e-game\computerid::id RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\f209dced5f0492e7b4ef8799638ee546efc14fc0_0000247808 c:\users\user\downloads\f209dced5f0492e7b4ef8799638ee546efc14fc0_0000247808:*:enabled:@shell32.dll,-1 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\f209dced5f0492e7b4ef8799638ee546efc14fc0_0000247808 c:\users\user\downloads\f209dced5f0492e7b4ef8799638ee546efc14fc0_0000247808:*:Enabled:ipsec RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317  RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://kluczewsko.gmina.pl/images/xs.jpghttp://4-educationtec RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\apcr::u1_0 RegNtPreCreateKey
HKCU\software\apcr::u2_0 RegNtPreCreateKey
HKCU\software\apcr::u3_0 RegNtPreCreateKey
HKCU\software\apcr::u4_0 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name 8edcbbfe46eafe3a0306e0512f1f04c8af978257_0000121344 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • OutputDebugString
User Data Access
  • GetUserName
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Network Info Queried
  • GetAdaptersInfo
Keyboard Access
  • GetAsyncKeyState
Network Winhttp
  • WinHttpOpen
Network Wininet
  • HttpOpenRequest
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetReadFile
