
Trojan.Zurgop.B

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 13,725
Threat Level: 80 % (High)
Infected Computers: 29,360
First Seen: October 5, 2012
Last Seen: October 13, 2025
OS(es) Affected: Windows

Aliases

15 vendor detections flag this file as malicious. Several of the names (Kaspersky's Trojan-Ransom.Win32.PornoAsset, Sophos Mal/Ransom-Z, AntiVir TR/Ransom.SM.5) place it in the ransomware class; the rest (Kazy, Kryptik, Crypt.XPACK, SHeur4, Agent_r, HEUR:Trojan.Win32.Generic, Artemis!) are generic, heuristic or cloud-reputation detections and do not identify a family. McAfee's Artemis! names are derived from the file hash, and two different ones appear, so these rows cover more than one sample.

Antivirus Vendor      Detection
Panda                 Suspicious file
McAfee-GW-Edition     Artemis!CD84D14F676B
AntiVir               TR/Kazy.95178.1
Kaspersky             Trojan-Ransom.Win32.PornoAsset.aaoe
AVG                   Agent_r.BNO
AntiVir               TR/Crypt.XPACK.Gen8
Comodo                TrojWare.Win32.Kryptik.AMBG
Sophos                Mal/Ransom-Z
Kaspersky             HEUR:Trojan.Win32.Generic
Panda                 Trj/OCJ.A
AVG                   SHeur4.AQAZ
McAfee-GW-Edition     Artemis!755528A084DC
AntiVir               TR/Ransom.SM.5
Kaspersky             Trojan-Ransom.Win32.PornoAsset.zmk
Panda                 Trj/CI.A

Analysis Report

General information

Family Name: Trojan.Zurgop.B
Signature status: No Signature (no Authenticode signature; consistent with the empty security directory listed under the PE attributes)

Known Samples

Sample 1
  MD5:       073f7124f0b948b59ab2ee4d8e217226
  SHA1:      cd8ef847df25258641ca277ac4bdf764426cb5c4
  File Size: 88.28 KB, 88280 bytes

Sample 2
  MD5:       33a427decf0f9130b28e5059cb8f6c13
  SHA1:      cf6e029a29d8a9c44aae2879e212fdf93619f426
  File Size: 57.48 KB, 57480 bytes

Sample 3
  MD5:       26750f5e4c441fd0562f4cc362dedff9
  SHA1:      2804ca8c594fb63e78c3f89654ed2499f68069d4
  File Size: 79.92 KB, 79920 bytes

Sample 4 (the only one with a published SHA256)
  MD5:       3d1f29d7ed0080062b5984acdc66f679
  SHA1:      0a46701bca16b64ac338e87b65c0afceae656e0d
  SHA256:    D12D7A172B51F9F25C860CCDB54D7D011491DBD76BC65B48FA138422D47C6BA0
  File Size: 808.45 KB, 808448 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Caveat: these attributes, the File Traits and the Windows PE Version Information further down are not all consistent with one binary. A file with no resources cannot carry the version resource shown there, and a file whose traits say "No Version Info" cannot either. Read them as observations pooled across the listed samples, and re-derive the attributes from the headers of the exact hash you are triaging before relying on any of them.
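To derive these attributes, and the hashes in the Known Samples section, from a file's own headers rather than from a pooled report, here is an added Python example; it is not part of this report or of any vendor's tooling. It parses the DOS, COFF and optional headers with the standard library only, using field offsets and flag values from the PE/COFF specification. The KNOWN_SAMPLES table carries the MD5 values and sizes from the Known Samples section above; build_test_pe constructs a header-only PE32 image purely for a self-check (a constructed input, not a Zurgop sample); the function names are this example's own.

```python
import hashlib
import struct

# PE/COFF constants (Microsoft PE format specification)
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
# IMAGE_DIRECTORY_ENTRY_* indices into the optional header's data directory
DIR_EXPORT, DIR_RESOURCE, DIR_SECURITY, DIR_BASERELOC, DIR_DEBUG, DIR_CLR = 0, 2, 4, 5, 6, 14

# MD5 -> file size, copied from the report's Known Samples table (hashes only, no sample bytes)
KNOWN_SAMPLES = {
    "073f7124f0b948b59ab2ee4d8e217226": 88280,
    "33a427decf0f9130b28e5059cb8f6c13": 57480,
    "26750f5e4c441fd0562f4cc362dedff9": 79920,
    "3d1f29d7ed0080062b5984acdc66f679": 808448,
}


def pe_attributes(data: bytes) -> dict:
    """Derive the report's PE attributes plus hashes from the raw PE headers, stdlib only."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, _nsections, _stamp, _symtab, _nsyms,
     _opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: data directories start 96 bytes into the optional header
        is_32bit, dir_off, n_dirs_off = True, opt + 96, opt + 92
    elif magic == 0x20B:  # PE32+: wider ImageBase/stack/heap fields push them to 112
        is_32bit, dir_off, n_dirs_off = False, opt + 112, opt + 108
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # same offset in PE32 and PE32+
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]

    def directory_present(index: int) -> bool:
        """A directory exists when both its RVA (a file offset for SECURITY) and size are non-zero."""
        if index >= n_dirs:
            return False
        rva, size = struct.unpack_from("<II", data, dir_off + 8 * index)
        return rva != 0 and size != 0

    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "is_32bit": is_32bit,
        "is_executable_image": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "is_gui": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "is_console": subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI,
        "is_dotnet": directory_present(DIR_CLR),           # CLR runtime header => .NET assembly
        "has_exports": directory_present(DIR_EXPORT),
        "has_resources": directory_present(DIR_RESOURCE),  # version info lives in .rsrc
        "has_security": directory_present(DIR_SECURITY),   # Authenticode certificate table
        "has_relocs": directory_present(DIR_BASERELOC),
        "has_debug": directory_present(DIR_DEBUG),
        # The Rich header, when present, sits between the DOS stub and the PE signature.
        "has_rich_header": b"Rich" in data[0x40:e_lfanew],
    }


def matches_known_sample(attrs: dict) -> bool:
    """True when MD5 and size both agree with a row of the report's Known Samples table."""
    return KNOWN_SAMPLES.get(attrs["md5"]) == attrs["size"]


def build_test_pe(gui: bool = True, dll: bool = False, resources: bool = False) -> bytes:
    """Constructed header-only PE32 image for exercising pe_attributes; not a real sample."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40: no stub, no Rich header
    characteristics = IMAGE_FILE_EXECUTABLE_IMAGE | 0x0100  # 0x0100 = IMAGE_FILE_32BIT_MACHINE
    if dll:
        characteristics |= IMAGE_FILE_DLL
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, characteristics)  # i386, 224-byte opt hdr
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI if gui else IMAGE_SUBSYSTEM_WINDOWS_CUI)
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    if resources:
        struct.pack_into("<II", opt, 96 + 8 * DIR_RESOURCE, 0x3000, 0x200)  # fake .rsrc directory
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            attrs = pe_attributes(fh.read())
        attrs["known_sample"] = matches_known_sample(attrs)
        for key, value in attrs.items():
            print(f"{key:20} {value}")
```

Run it as `python pe_attrs.py <file>` on the sample you actually hold: if `has_resources` is False the version strings in the report cannot have come from that file, and a False `has_security` is what "No Signature" means at the header level.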


Windows PE Version Information

Name               Value
Company Name       Microsoft Corporation
File Description   Win32 Cabinet Self-Extractor
File Version       11.00.17763.1 (WinBuild.160101.0800)
Internal Name      Wextract
Legal Copyright    © Microsoft Corporation. All rights reserved.
Original Filename  WEXTRACT.EXE .MUI
Product Name       Internet Explorer
Product Version    11.00.17763.1

These are the version strings of Microsoft's WEXTRACT.EXE, the Win32 Cabinet Self-Extractor. Together with the IXP000.TMP extraction directory and the wextract_cleanup0 RunOnce value recorded below, they indicate that the analysed sample is a Wextract self-extracting cabinet that unpacks its payload executables into %TEMP% and runs them. A version resource is copied trivially and proves nothing about origin; only a valid Authenticode signature would, and the sample has none (Signature status: No Signature).

File Traits

  • HighEntropy
  • No Version Info
  • x86

Files Modified

File                                                        Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\1uu29me8.exe    Generic Write, Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\1uu29me8.exe    Synchronize, Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\3ih59ic.exe     Generic Write, Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\3ih59ic.exe     Synchronize, Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\tmp4351$.tmp    Generic Write, Read Attributes, Delete

Two executables and a temporary file are written into a Wextract extraction directory (IXP000.TMP) under the user's %TEMP%.

Registry Modifications

Key:      HKLM\software\wow6432node\microsoft\windows\currentversion\runonce
Value:    wextract_cleanup0
Data:     rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Twjxwwww\AppData\Local\Temp\IXP000.TMP\"
API Name: RegNtPreCreateKey (the registry callback notification under which the sandbox recorded the write)

This RunOnce entry is Wextract's standard self-cleanup: at the next logon rundll32 calls DelNodeRunDLL32 in advpack.dll to delete the extraction directory, removing the dropped executables from disk. The Wow6432Node path shows the write came from a 32-bit process on 64-bit Windows through registry redirection; on a 32-bit host the same value lands under HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce. Because the cleanup runs at next logon, collect %TEMP%\IXP*.TMP before the machine reboots; afterwards only this RunOnce value and any file-system journal entries may remain.

Windows API Usage

Category                      API
Encryption Used               BCryptOpenAlgorithmProvider
Process Manipulation Evasion  NtUnmapViewOfSection
Process Shell Execute         CreateProcess

NtUnmapViewOfSection is the call process hollowing uses to unmap the original image from a suspended child process before a replacement image is written into it, so its appearance next to CreateProcess deserves a look under a debugger. The report on its own does not establish that this sample hollows a process, and BCryptOpenAlgorithmProvider only shows that a CNG algorithm provider was opened, not what, if anything, was encrypted.

Shell Command Execution

C:\Users\Twjxwwww\AppData\Local\Temp\IXP000.TMP\1uu29ME8.exe
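The three behavioural sections above (files written, RunOnce value set, process launched) describe one chain: a Wextract package extracting into IXP000.TMP, scheduling its own cleanup and executing a dropped file. The following added Python example, which is not from this report or from any sandbox vendor, parses sandbox-style log lines into events and flags that chain. SAMPLE_LOG is constructed from the values recorded in this report; the "KIND subject detail" line format, the indicator names and the parse_log/triage_events functions are assumptions of this example, not a format any product emits.

```python
import re
from collections import defaultdict

# Constructed sandbox log in a simple "KIND subject detail" form, filled with the values
# recorded in the report's Files Modified, Registry Modifications and Shell Command sections.
SAMPLE_LOG = r"""
FILE c:\users\user\appdata\local\temp\ixp000.tmp\1uu29me8.exe Generic Write,Read Attributes
FILE c:\users\user\appdata\local\temp\ixp000.tmp\3ih59ic.exe Generic Write,Read Attributes
FILE c:\users\user\appdata\local\temp\ixp000.tmp\tmp4351$.tmp Generic Write,Read Attributes,Delete
REG HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup0 rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Twjxwwww\AppData\Local\Temp\IXP000.TMP\"
PROC C:\Users\Twjxwwww\AppData\Local\Temp\IXP000.TMP\1uu29ME8.exe
"""

# Wextract extracts into %TEMP%\IXP<nnn>.TMP and schedules its own cleanup through advpack.dll.
IXP_DIR = re.compile(r"\\temp\\ixp\d{3}\.tmp\\", re.I)
WEXTRACT_CLEANUP = re.compile(r"\\currentversion\\runonce::wextract_cleanup\d+$", re.I)
DELNODE = re.compile(r"advpack\.dll,DelNodeRunDLL32", re.I)


def parse_log(text: str) -> list:
    """Turn log lines into (kind, subject, detail) tuples.

    For FILE and REG lines the subject is the path or key::value and the detail is the
    rest; a PROC line's whole remainder is the command line (it may contain spaces).
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, _, rest = line.partition(" ")
        kind = kind.upper()
        if kind == "PROC":
            subject, detail = rest, ""
        else:
            subject, _, detail = rest.partition(" ")
        events.append((kind, subject, detail))
    return events


def triage_events(events) -> dict:
    """Collect the indicators of the drop-and-run chain seen in the report."""
    hits = defaultdict(list)
    for kind, subject, detail in events:
        if kind == "FILE" and IXP_DIR.search(subject) and subject.lower().endswith(".exe"):
            hits["drop_in_wextract_dir"].append(subject)
        elif kind == "REG" and WEXTRACT_CLEANUP.search(subject) and DELNODE.search(detail):
            hits["wextract_cleanup_runonce"].append(subject)
            if "\\wow6432node\\" in subject.lower():  # 32-bit writer on 64-bit Windows
                hits["wow64_redirected_key"].append(subject)
        elif kind == "PROC" and IXP_DIR.search(subject):
            hits["exec_from_wextract_dir"].append(subject)
    result = dict(hits)
    # All three together are the Wextract self-extracting-cabinet drop-and-run pattern.
    result["sfx_dropper_chain"] = all(
        key in result
        for key in ("drop_in_wextract_dir", "wextract_cleanup_runonce", "exec_from_wextract_dir")
    )
    return result


if __name__ == "__main__":
    for name, value in triage_events(parse_log(SAMPLE_LOG)).items():
        print(name, value)
```

Wextract is a legitimate Microsoft tool, so this chain also fires on benign self-extracting installers; use it to pull the dropped files and the RunOnce value for review and pair it with the hash and signature checks rather than treating it as a verdict on its own. Act on it early: DelNodeRunDLL32 removes the extraction directory at the next logon, so the dropped executables need to be collected before the host reboots.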
