Troj/Zbot-ERQ

Category: Viruses and Spyware    Protection available since: 21 Apr 2013 01:48:00 (GMT)
Type: Trojan    Last updated: 28 Apr 2013 20:58:44 (GMT)
Prevalence:


Examples of Troj/Zbot-ERQ include:

Example 1

File Information

Size
295K
SHA-1
09bd9e104dcd045c0d5dbb9f15dac535ab9d8a72
MD5
ce3c38f3ce2448e938b111a49388af82
CRC-32
cdef6e06
File type
Windows executable
First seen
2011-06-27

Example 2

File Information

Size
279K
SHA-1
249b9040e9af779a3c0eb9093db35e009fc81ab2
MD5
743622cfea5f9fdfa9243b702c2dcba2
CRC-32
585f3c78
File type
Windows executable
First seen
2011-06-27

Example 3

File Information

Size
279K
SHA-1
2513b1b0088d17955594665356bc76211f7e8eb4
MD5
4cb510d6e14476c5301be9e83b5839eb
CRC-32
be482384
File type
Windows executable
First seen
2013-04-20

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Vuida\uvfau.tmp
    Size
    661
    SHA-1
    ac7e3cda3d6c5b23b83b562bcb53ef85c74b3310
    MD5
    04c7bb858d93bca41342045ab1eeb79b
    CRC-32
    db517d49
    File type
    Unspecified binary - probably data
    First seen
    2013-04-20
  • c:\Documents and Settings\test user\Application Data\Ytvy\eduso.exe
    Size
    279K
    SHA-1
    25681b1b19a3ceb13eb51d079d110af0bec26b3d
    MD5
    34505b78e7e3fab7df90f33368d99d5b
    CRC-32
    21ec9c94
    File type
    Windows executable
    First seen
    2013-04-20
  • c:\Documents and Settings\test user\Application Data\Vuida\uvfau.kao
    Size
    581
    SHA-1
    609dac1d4cc041c4afa47d58fc6fc6b052f9bf7e
    MD5
    0970f583cfc87de4936c2d0fd74e7ba5
    CRC-32
    82a42d50
    File type
    Unspecified binary - probably data
    First seen
    2013-04-20
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Eqewup
    Geobf
    (binary value; non-printable bytes are rendered as □ below)
    /G□□W□□□□`q□@□□□L□□□□pH□□G□□W□□□□`q□@□□□L□□□□pH□□G□□W□□□□`q□@□□□L□□□□pH□□S□□J□□Y□□□□`T□□□□p@□□□□□G□□W□□□□`q□@□□□L□□□□pH□□G□□W□□□□`q□@□□□L□□□□pH□□G□□W□□□□`q□@□□□L□□□□pH□□□□p□□□G□p□□□□□0"□□□□□□□□G□□W□□□□`q□@□□□L□□□□pH□□G□□W□□□□`q□@□□□L□□□□pH□
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Ohzaidus
    "c:\Documents and Settings\test user\Application Data\Ytvy\eduso.exe"
Registry Keys Modified
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    30 6e af bb e3 3d ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\ytvy\eduso.exe
  • c:\windows\system32\cmd.exe
DNS Requests
  • d71b28d222eb1f01.com
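The indicators in the runtime analysis above, turned into a small host-triage script. This is an added example and is not part of the Sophos analysis or of any Sophos tool: the hashes, the dropped-file path pattern, the Run-key entry, the zone setting and the DNS name are taken from the page, while the sample host snapshot (hash list, registry dictionary, DNS log lines), the function names, the two-indicator verdict threshold and the AppData\Roaming variant of the dropped-file path (the Vista-and-later equivalent of "Application Data") are assumptions made here for illustration. Zone value 1609 is Internet Explorer's "Display mixed content" setting; 0 means mixed content is shown without a prompt, which is why a banking trojan that injects into HTTPS pages turns it off in every zone.

```python
"""Host triage against the Troj/Zbot-ERQ indicators listed above.

Added example, not Sophos code. Indicator values come from the analysis;
the SAMPLE_HOST snapshot below is constructed for illustration.
"""
import re

# SHA-1 of the three analysed samples plus the dropped copy (eduso.exe).
SAMPLE_SHA1 = {
    "09bd9e104dcd045c0d5dbb9f15dac535ab9d8a72",
    "249b9040e9af779a3c0eb9093db35e009fc81ab2",
    "2513b1b0088d17955594665356bc76211f7e8eb4",
    "25681b1b19a3ceb13eb51d079d110af0bec26b3d",
}

C2_DOMAIN = "d71b28d222eb1f01.com"

# Dropped copy lives at %APPDATA%\<random>\<random>.exe. "appdata\roaming" is an
# assumed generalisation for newer Windows; the page only shows "Application Data".
APPDATA_EXE = re.compile(
    r"(application data|appdata\\roaming)\\[a-z]+\\[a-z]+\.exe$", re.IGNORECASE
)

RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
ZONE_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\{}"
MIXED_CONTENT = "1609"  # IE "Display mixed content"; 0 = enabled, no prompt


def match_hashes(observed_sha1):
    """Return observed SHA-1s (any case) that are known Troj/Zbot-ERQ samples."""
    return sorted({h.lower() for h in observed_sha1} & SAMPLE_SHA1)


def match_run_entries(registry):
    """Return Run-key entries whose command is an %APPDATA%\\<x>\\<y>.exe copy."""
    hits = []
    for name, cmd in registry.get(RUN_KEY, {}).items():
        if APPDATA_EXE.search(cmd.strip('"')):
            hits.append((name, cmd))
    return hits


def weakened_zones(registry):
    """Return zone numbers (0-4) where value 1609 has been set to DWORD 0."""
    zones = []
    for zone in range(5):
        values = registry.get(ZONE_KEY.format(zone), {})
        if values.get(MIXED_CONTENT) == 0:
            zones.append(zone)
    return zones


def match_dns(log_lines):
    """Return log lines naming the C2 domain or a subdomain of it, not lookalikes."""
    pattern = re.compile(
        r"(?<![\w-])" + re.escape(C2_DOMAIN) + r"(?![\w-])", re.IGNORECASE
    )
    return [line for line in log_lines if pattern.search(line)]


def assess(host):
    """Run every check; 'verdict' is True when at least two indicator classes fire.

    The threshold is an assumption: a lone Run entry or a lone DNS hit is worth a
    look, but two independent artefacts from the same analysis is a confident match.
    """
    findings = {
        "hashes": match_hashes(host["sha1"]),
        "run_entries": match_run_entries(host["registry"]),
        "weakened_zones": weakened_zones(host["registry"]),
        "dns": match_dns(host["dns"]),
    }
    findings["verdict"] = sum(bool(v) for v in findings.values()) >= 2
    return findings


# Constructed snapshot of one host; DWORD values are stored as ints.
SAMPLE_HOST = {
    "sha1": [
        "2513B1B0088D17955594665356BC76211F7E8EB4",  # Example 3, upper-cased
        "da39a3ee5e6b4b0d3255bfef95601890afd80709",  # SHA-1 of an empty file
    ],
    "registry": {
        RUN_KEY: {
            "Ohzaidus": r'"c:\Documents and Settings\test user\Application Data\Ytvy\eduso.exe"',
            "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
        },
        ZONE_KEY.format(1): {MIXED_CONTENT: 0},
        ZONE_KEY.format(3): {MIXED_CONTENT: 1},
    },
    "dns": [
        "2013-04-20 10:01:02 query A d71b28d222eb1f01.com from 10.0.0.5",
        "2013-04-20 10:01:03 query A update.example.org from 10.0.0.5",
    ],
}

if __name__ == "__main__":
    for key, value in assess(SAMPLE_HOST).items():
        print(f"{key}: {value}")
```

The hash check is the only exact match; the Run-key and DNS checks are written as patterns so that a repacked sample with a different random directory name, or a subdomain of the same C2 name, still triggers, while a lookalike such as `xd71b28d222eb1f01.com` does not.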
