Troj/Zbot-GDH

Category: Viruses and Spyware
Protection available since: 02 Sep 2013 16:34:11 (GMT)
Type: Trojan
Last updated: 02 Sep 2013 16:34:11 (GMT)
Prevalence:


Examples of Troj/Zbot-GDH include:

Example 1

File Information

Size
1.2M
SHA-1
2868ccc2307cbcc1aba7e3c9f4c9d734b962d4c0
MD5
c89956f0f4f92cc5743563b1880e77fc
CRC-32
ac5bc15c
File type
Windows executable
First seen
2013-09-02

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Zysyy\wyun.exe
    Size
    1.2M
    SHA-1
    6c669b77253a694412868da0cd5ea048feda0cc0
    MD5
    e73d4dcea9e276f75c46e40ed09ba283
    CRC-32
    9a28f679
    File type
    Windows executable
    First seen
    2013-09-02
  • c:\Documents and Settings\test user\Local Settings\Temp\f.txt
    Size
    138K
    SHA-1
    87fadbeb25eab0970b1616c437abad7528c7da56
    MD5
    a215dd330b1f79d20e90e1a4ed686f14
    CRC-32
    c26eecd8
    File type
    Unspecified binary - probably data
    First seen
    2013-09-02
  • c:\Documents and Settings\test user\Application Data\Tevi\sydow.lia
    Size
    477
    SHA-1
    486c398219ec208b12a3ba2265e1dab9685aa963
    MD5
    701e7cf533d8f866576544516dd822c0
    CRC-32
    396318ee
    File type
    Unspecified binary - probably data
    First seen
    2013-09-02
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {A7991CEF-2784-68CA-DAEE-E5EC95A2B311}
    "c:\Documents and Settings\test user\Application Data\Zysyy\wyun.exe"
  • HKCU\Software\Microsoft\Alzy
    Resuidig
    (binary data, not printable)
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    c2 66 c7 3f df a7 ce 01
Processes Created
  • c:\Documents and Settings\test user\application data\zysyy\wyun.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://finesthours.fi.funpic.de/new/setting.bin
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • finesthours.fi.funpic.de
  • www.google.bg
  • www.google.com

Example 2

File Information

Size
1.2M
SHA-1
6c669b77253a694412868da0cd5ea048feda0cc0
MD5
e73d4dcea9e276f75c46e40ed09ba283
CRC-32
9a28f679
File type
Windows executable
First seen
2013-09-02
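Read together, the two examples are one infection chain: the Example 2 hash (SHA-1 6c669b77...) is the wyun.exe that Example 1 drops into a freshly created folder under the roaming profile and registers under HKCU\...\Run with a GUID-shaped value name. The other host-side indicators worth hunting for are the Internet Explorer value 1609 ("Display mixed content") set to 0 in several zones, so mixed content is shown without a prompt, and the lookup of finesthours.fi.funpic.de. The script below is an added example, not Sophos tooling, that evaluates a host snapshot against those indicators. The snapshot is constructed for the demo; the Vista-and-later profile root (C:\Users\<name>\AppData\Roaming) and the "GUID name plus bare %APPDATA%\<dir>\<name>.exe path" pattern for the Run value are assumptions that generalise beyond the literal XP paths on this page. A zone with 1609 = 0 is returned for review, not as a verdict, since an administrator can set it deliberately.

```python
"""Hunt a Windows host snapshot for the Troj/Zbot-GDH artifacts listed above.

Added example: the indicators are copied from the report; the snapshot below is
constructed for the demo, and the Vista+ profile root is an assumption.
"""
import re
from typing import Dict, List, Tuple

# Hashes from the report (Example 2 is the wyun.exe dropped in Example 1).
KNOWN_SHA1 = {
    "2868ccc2307cbcc1aba7e3c9f4c9d734b962d4c0",  # Example 1 dropper
    "6c669b77253a694412868da0cd5ea048feda0cc0",  # Zysyy\wyun.exe / Example 2
    "87fadbeb25eab0970b1616c437abad7528c7da56",  # Temp\f.txt
    "486c398219ec208b12a3ba2265e1dab9685aa963",  # Tevi\sydow.lia
}
KNOWN_DOMAINS = {"finesthours.fi.funpic.de"}

RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
ZONE_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\{zone}"

# Per-user roaming profile roots: XP (as in the report) and Vista+ (assumed).
_APPDATA_RE = re.compile(
    r"^(?:c:\\documents and settings\\[^\\]+\\application data"
    r"|c:\\users\\[^\\]+\\appdata\\roaming)\\", re.I)
_GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
_ZONE_RE = re.compile(r"\\zones\\(\d+)$", re.I)
# Run value data shaped like the report's: %APPDATA%\<dir>\<name>.exe and nothing else.
_DROPPER_RE = re.compile(r"^%appdata%\\[^\\]+\\[^\\]+\.exe$")


def normalize_path(p: str) -> str:
    """Strip quotes, lower-case, and rewrite the profile root to %appdata%."""
    p = p.strip().strip('"').lower()
    return _APPDATA_RE.sub(lambda m: "%appdata%\\", p)


def _as_int(v) -> int:
    # Registry dumps show DWORDs as 0x00000000; live reads give ints.
    return int(v, 0) if isinstance(v, str) else int(v)


def hash_hits(files: List[Dict]) -> List[str]:
    """Paths of files whose SHA-1 is one of the report's hashes."""
    return [f["path"] for f in files if f["sha1"].lower() in KNOWN_SHA1]


def run_key_hits(registry: List[Dict]) -> List[Tuple[str, str]]:
    """GUID-named HKCU Run values whose data is a bare .exe path under %APPDATA%."""
    hits = []
    for e in registry:
        if e["key"].lower() != RUN_KEY.lower() or not _GUID_RE.match(e["name"]):
            continue
        path = normalize_path(str(e["value"]))
        if _DROPPER_RE.match(path):
            hits.append((e["name"], path))
    return hits


def mixed_content_allowed_zones(registry: List[Dict]) -> List[int]:
    """Zones where 1609 ('Display mixed content') is 0, i.e. allowed without a prompt."""
    zones = []
    for e in registry:
        m = _ZONE_RE.search(e["key"])
        if m and e["name"] == "1609" and _as_int(e["value"]) == 0:
            zones.append(int(m.group(1)))
    return sorted(zones)


def dns_hits(dns: List[str]) -> List[str]:
    """Resolved names that match the report's HTTP/DNS indicators."""
    return [d for d in dns if d.lower() in KNOWN_DOMAINS]


def hunt(snapshot: Dict) -> Dict:
    """Run every check and return the findings keyed by indicator type."""
    return {
        "known_hashes": hash_hits(snapshot["files"]),
        "run_key_persistence": run_key_hits(snapshot["registry"]),
        "mixed_content_allowed_zones": mixed_content_allowed_zones(snapshot["registry"]),
        "c2_dns": dns_hits(snapshot["dns"]),
    }


# Constructed snapshot: one entry copied from the report, one same-shaped entry
# with an unknown hash on a Vista+ profile, and benign noise.
SNAPSHOT = {
    "files": [
        {"path": r"C:\Documents and Settings\alice\Application Data\Zysyy\wyun.exe",
         "sha1": "6c669b77253a694412868da0cd5ea048feda0cc0"},
        {"path": r"C:\Users\alice\AppData\Roaming\Qwerty\abcd.exe",
         "sha1": "0000000000000000000000000000000000000000"},  # unknown hash
        {"path": r"C:\Windows\system32\notepad.exe",
         "sha1": "1111111111111111111111111111111111111111"},
    ],
    "registry": [
        {"key": RUN_KEY, "name": "{A7991CEF-2784-68CA-DAEE-E5EC95A2B311}",
         "value": r'"C:\Documents and Settings\alice\Application Data\Zysyy\wyun.exe"'},
        {"key": RUN_KEY, "name": "{0B1C2D3E-4F50-6172-8394-A5B6C7D8E9F0}",
         "value": r"C:\Users\alice\AppData\Roaming\Qwerty\abcd.exe"},
        {"key": RUN_KEY, "name": "OneDrive",
         "value": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
        {"key": ZONE_KEY.format(zone=0), "name": "1609", "value": "0x00000000"},
        {"key": ZONE_KEY.format(zone=1), "name": "1609", "value": 0},
        {"key": ZONE_KEY.format(zone=3), "name": "1609", "value": 1},
    ],
    "dns": ["www.google.com", "finesthours.fi.funpic.de"],
}

if __name__ == "__main__":
    for kind, found in hunt(SNAPSHOT).items():
        print(f"{kind}: {found}")
```

The second Run entry in the snapshot is the reason for matching on shape rather than on the literal names: its hash is unknown and its folder is not Zysyy, yet it is still flagged because a GUID-named Run value pointing at a bare executable two levels under the roaming profile is the persistence pattern the report shows.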
