
DesignerPro_Loader.exe Ransomware Zbot Analysis

Technical Analysis

File Name DesignerPro_Loader.exe
File Type MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
Scanner Version 1.0.228.174
Database Version 2025-11-03 18:00:22 UTC

Ransom.Win64.Zbot.cld

Malware family: Zbot

Zbot, also known as Zeus, is a banking Trojan that steals financial information through keystroke logging and form grabbing. Active since 2007, it has been used in various campaigns including FTP account compromises and technical support fraud schemes.
Detection Rate N/A
File Size (bytes) 65,536
Analysis Date 2025-11-03


File Identification

Hash Type Value
MD5 89ce0b44cc9f0467e65c47ce59930601
SHA1 9cfd1f734f144e53c8451eb466af2d5700f51177
SHA256 7801870f7d4432af2387cfb3c089bf24a492ddab008197531fe8feacf4539a11
SHA512 8b755fd7e3a5840e2df5b1e5432308a31e2f9b1e3c40f850539edab6622c45d3c248b8b01ba31d0f4310d847b784cc39479ccf2c4d74386c9b5b0b06fa5b1047
ImpHash 1ecf6b89fcca9155f09762161b0e68b6

PE Analysis

Basic Information

Icon
Hash: 35bf1f6e117126b19af41909eb79a2f1
Fuzzy: c9868c4cfa7311f0c5e4b4f309de6c95
dHash: 00939392caecec80
Image Base 0x00400000
Entry Point 0x0043f33a
Compilation Time 2018-04-16 21:59:10
Checksum 0x0001a139 (Actual: 0x0001a139)
OS Version 5.2
PEiD Signatures MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
Digital Signature No valid SignedData structure was found.
Imports 10 libraries
KERNEL32, shell32, psapi, ole32, version, user32, oleaut32, advapi32, gdi32, ntdll
Exports 2 functions
Resources 4 Resources
Sections 3 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.MPRESS1 0x00001000 253,952 bytes 54,784 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 355A02E2865E25B0FC7E3C1A369F9400
.MPRESS2 0x0003f000 4,228 bytes 4,608 bytes 5.22 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 6DDDFCCD5D45A6F72D42DF9DEFF32354
.rsrc 0x00041000 5,376 bytes 5,632 bytes 4.91 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE EF2C1CA718338204FBD7A9D87FE72A11
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 4 (5,147 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 4,264 bytes 82.8%
RT_RCDATA 1 108 bytes 2.1%
RT_GROUP_ICON 1 20 bytes 0.4%
RT_MANIFEST 1 755 bytes 14.7%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Ransom.Win64.Zbot.cld Removal

Gridinsoft has the capability to identify and eliminate Ransom.Win64.Zbot.cld without requiring further user intervention.


Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
