Mal/Zbot-PH

Category: Viruses and Spyware
Protection available since: 24 Feb 2014 13:46:10 (GMT)
Type: Malicious behavior
Last updated: 24 Feb 2014 13:46:10 (GMT)
Prevalence:


Examples of Mal/Zbot-PH include:

Example 1

File Information

Size
270K
SHA-1
119360ef98390b4b4576dc44108c8e27d718aba6
MD5
f7f158a516d32e552cf1c73df850ed70
CRC-32
cb07ff58
File type
Windows executable
First seen
2013-07-04

Other vendor detection

Avira
TR/Crypt.ZPACK.52790

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Lemico\amuqvu.exe
    Size
    270K
    SHA-1
    7ff4d86cfc5ab29d29a9ef7a0dbe31f9b2cb5674
    MD5
    52aeb80700dcc32514d82a171769f1d1
    CRC-32
    c5880529
    File type
    Windows executable
    First seen
    2014-02-24
  • c:\Documents and Settings\test user\Local Settings\Application Data\yvxa.ybv
    Size
    477
    SHA-1
    7465314db445f7bdc3b60d44de431a18c6d9b144
    MD5
    32d7c972849bbcf2f7636c2dc60575e6
    CRC-32
    ac0d4a07
    File type
    Unspecified binary - probably data
    First seen
    2014-02-24
Registry Keys Created
  • HKCU\Software\Microsoft\Jueznequmava
    10b7b46i
    Cg□□V□0H□□A□□W□□j□□Z□@9□
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Amuqvu
    "c:\Documents and Settings\test user\Application Data\Lemico\amuqvu.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\lemico\amuqvu.exe
IP Connections

Example 2

File Information

Size
270K
SHA-1
1926f6a2408c7572d31ddcd1a4a0a64f6a088aa0
MD5
69bfe1b05dc7bc27218d9fa0a1211938
CRC-32
702dd758
File type
Windows executable
First seen
2013-07-04

Example 3

File Information

Size
270K
SHA-1
607cc009e118b1b8823845eff616eaa13e8bdc6e
MD5
6998232a6fb310a05c938f19742e2e17
CRC-32
f2978221
File type
Windows executable
First seen
2013-07-04
