Troj/Zbot-GBE

Category: Viruses and Spyware
Protection available since: 01 Sep 2013 16:07:54 (GMT)
Type: Trojan
Last updated: 01 Sep 2013 16:07:54 (GMT)
Prevalence:

Troj/Zbot-GBE exhibits the following characteristics:

File Information

Size
568K
SHA-1
438bd2eee37010bc65296fc38197704167589f5b
MD5
d94f850001d622db3f69ef5ec3f2aabb
CRC-32
26f4670a
File type
Windows executable
First seen
2013-09-01

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Yggay\anywx.ruv
    Size
    477
    SHA-1
    5257eb995feee45320ebb5ca54c82f2b1aef3442
    MD5
    d09abf78d56940b76bed99e4039c521c
    CRC-32
    0701f832
    File type
    Unspecified binary - probably data
    First seen
    2013-09-01
  • c:\Documents and Settings\test user\Application Data\Ydbaah\beul.exe
    Size
    202K
    SHA-1
    3cddc6e8414fb9d517999b6ec0b04df6389558b7
    MD5
    daa7080ccd69b00c3a594cd36ffd1f36
    CRC-32
    e48eab8f
    File type
    Windows executable
    First seen
    2013-09-01
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {33D19149-77A4-C929-3B85-36951F5F6359}
    "c:\Documents and Settings\test user\Application Data\Ydbaah\beul.exe"
  • HKCU\Software\Microsoft\Diyzzu
    Gygahipue
    (binary data)
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    c4 2f 38 89 00 a7 ce 01
Processes Created
  • c:\Documents and Settings\test user\application data\ydbaah\beul.exe
  • c:\docume~1\support\locals~1\temp\aegg.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://wiltscomputers.net/noon/cfg.bin
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • wiltscomputers.net
  • www.google.bg
  • www.google.com