Troj/Zbot-FCZ

Category: Viruses and Spyware
Protection available since: 17 May 2013 19:19:57 (GMT)
Type: Trojan
Last updated: 17 May 2013 19:19:57 (GMT)
Prevalence:


Examples of Troj/Zbot-FCZ include:

Example 1

File Information

Size: 254K
SHA-1: 18e8c0555aad0d7a490d154ec441d401841071c7
MD5: e2980ddfdd7c6ceac3b9cf75599af8a0
CRC-32: 823546a1
File type: Windows executable
First seen: 2013-04-30

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Bavay\zuvue.exe
    Size: 254K
    SHA-1: a47c6e3157c4d03ca2ed6e81033ec70cb5b8fe64
    MD5: 68716d445c595596aa3252f6201eae8c
    CRC-32: 1274e1cd
    File type: Windows executable
    First seen: 2013-05-01
  • c:\Documents and Settings\test user\Application Data\Vyqo\ylect.omq
    Size: 477
    SHA-1: 653ae7dcd925776d7e549d20d3f655ec14ef4914
    MD5: 5f9f86f1a365799f5212b5c641d84f73
    CRC-32: 21c996ea
    File type: Unspecified binary - probably data
    First seen: 2013-05-01
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Tyon
    Daducoogf
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    zuvue.exe
    "c:\Documents and Settings\test user\Application Data\Bavay\zuvue.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnonBadCertRecving
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1A10
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1A10
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    6e d0 69 85 1b 46 ce 01
Processes Created
  • c:\Documents and Settings\test user\application data\bavay\zuvue.exe
IP Connections
  • 81.177.169.215:80

Example 2

File Information

Size: 254K
SHA-1: a47c6e3157c4d03ca2ed6e81033ec70cb5b8fe64
MD5: 68716d445c595596aa3252f6201eae8c
CRC-32: 1274e1cd
File type: Windows executable
First seen: 2013-05-01
