Troj/ZAccess-QY

Category: Viruses and Spyware
Protection available since: 25 Oct 2013 15:19:40 (GMT)
Type: Trojan
Last updated: 25 Oct 2013 15:19:40 (GMT)
Prevalence:

Troj/ZAccess-QY exhibits the following characteristics:

File Information

Size: 198K
SHA-1: 38eebcb9283fd3d649dfc3240ceef106eb7cf112
MD5: 4edd7a1e5115739e627e6fbd6adf8cf6
CRC-32: 9ad52ab7
File type: Windows executable
First seen: 2013-10-25

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Google Update
    "c:\Documents and Settings\test user\Local Settings\Application Data\Google\Desktop\Install\{8b2e7cc0-3175-028b-9a2b-805595885191}\???\???\???\{8b2e7cc0-3175-028b-9a2b-805595885191}\GoogleUpdate.exe"
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    DeleteFlag
    0x00000001
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    ErrorControl
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum
    NextInstance
    0x00000000
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
DNS Requests
  • j.maxmind.com
