Backdoor.Zepfod.A
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 12,333 |
|---|---|
| Threat Level: | 60 % (Medium) |
| Infected Computers: | 2,829 |
| First Seen: | September 19, 2018 |
| Last Seen: | February 23, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Backdoor.Zepfod.A |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
File Traits
- HighEntropy
- No Version Info
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 112 |
|---|---|
| Potentially Malicious Blocks: | 13 |
| Whitelisted Blocks: | 99 |
| Unknown Blocks: | 0 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\ddyxusbquzj.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\gaosesrvobm.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\hvkpmytnbpn.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\krahmchbqtq.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\lswvcatfxjr.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\redsriiwsvx.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\rozxzkfyvrx.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\vgbawtemjvb.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\xuvjukcfswd.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\yjysouqqlce.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\zbhzbfwvcpf.exe | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| User Data Access |
|