Troj/Zbot-GHJ

Category: Viruses and Spyware    Protection available since: 16 Sep 2013 10:07:51 (GMT)
Type: Trojan    Last updated: 16 Sep 2013 10:07:51 (GMT)
Prevalence:


Troj/Zbot-GHJ exhibits the following characteristics:

File Information

Size: 434K
SHA-1: 7ee65c63abe1dae4d9fb185ec16bcb412ea4fbed
MD5: 6e3bd315f07dfcefddb2616fad686fc5
CRC-32: a24c536d
File type: Windows executable
First seen: 2013-09-16

Other vendor detection

Avira: TR/Dropper.Gen

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\uX4ZeizY\JvslGD3.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\uX4ZeizY\JvslGD3.exe.lnk
    Size: 897
    SHA-1: 3c1a65033ddbbdd166382f40715670abaaf38e72
    MD5: 62d9de95dd440cdc191bad1a1a2c8fa6
    CRC-32: c1b83125
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-09-16
  • c:\Documents and Settings\test user\Application Data\Qytiuk\mifyiz.fux
    Size: 477
    SHA-1: e3febe8e13a243c832d743e560fafb6f6b59f2b8
    MD5: 44788f638a5f6c3aa9af75bcb928a5ad
    CRC-32: ed67daf0
    File type: Unspecified Markup Language
    First seen: 2013-09-16
  • c:\Documents and Settings\test user\Application Data\Ceu\alubyx.exe
    Size: 434K
    SHA-1: 3ecde89867d18cf3568c46e24a21c9f1067bbbde
    MD5: 6fd13a81ce75451b31e3bb8ad0e4d482
    CRC-32: d2ba400b
    File type: Windows executable
    First seen: 2013-09-16
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {B85AF0FE-8261-512E-6AB8-8E32227517E2}
    "c:\Documents and Settings\test user\Application Data\Ceu\alubyx.exe"
  • HKCU\Software\Microsoft\Foqut
    Coemxapag
    (binary data; not reproducible as text)
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    12 06 3c 5d a3 b2 ce 01
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    c:\Documents and Settings\test user\Application Data\uX4ZeizY\JvslGD3.exe,explorer.exe
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\ceu\alubyx.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
IP Connections
  • 93.170.128.163:80
