Backdoor.Zepfod.A

By CagedTech in Backdoors

Threat Scorecard

Popularity Rank: 12,333
Threat Level: 60 % (Medium)
Infected Computers: 2,829
First Seen: September 19, 2018
Last Seen: February 23, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Backdoor.Zepfod.A
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • HighEntropy
  • No Version Info
  • x86

Block Information

Total Blocks: 112
Potentially Malicious Blocks: 13
Whitelisted Blocks: 99
Unknown Blocks: 0

Visual Map

x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\temp\ddyxusbquzj.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\gaosesrvobm.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hvkpmytnbpn.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\krahmchbqtq.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\lswvcatfxjr.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\redsriiwsvx.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rozxzkfyvrx.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\vgbawtemjvb.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\xuvjukcfswd.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\yjysouqqlce.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\zbhzbfwvcpf.exe Generic Write,Read Attributes

Windows API Usage

Category API
User Data Access
  • GetComputerName
