Troj/Zbot-GUE

Category: Viruses and Spyware
Protection available since: 01 Nov 2013 22:28:43 (GMT)
Type: Trojan
Last updated: 01 Nov 2013 22:28:43 (GMT)
Prevalence:


Examples of Troj/Zbot-GUE include:

Example 1

File Information

Size
270K
SHA-1
498a92cb7eaa00c242896ff5730e9eeefe9ca108
MD5
68d95620ab89a352bfaade57ec63a97d
CRC-32
098ce3b4
File type
Windows executable
First seen
2013-11-01

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Vyamm\ruxaihk.exe
    Size
    270K
    SHA-1
    69936d9a75ef18725c885e4817ffe44f68eab2f6
    MD5
    853fe49593e0340cd4811a91716ec0a2
    CRC-32
    cecd4d41
    File type
    Windows executable
    First seen
    2013-11-01
  • c:\Documents and Settings\test user\Local Settings\Temp\tmp6a8c4f23.bat
    Size
    129
    SHA-1
    4fa16e995a32db3e9e1cbe8b6a01bcd0682bfa74
    MD5
    05c770b41ad6b0d1811c4b578c135b7d
    CRC-32
    e163f9f5
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-11-01
  • c:\Documents and Settings\test user\Application Data\Zaruipb\howaqi.dir
    Size
    477
    SHA-1
    4b7dc0c4241b99a61edc14bbf85868a9487c6d7b
    MD5
    359b716f0014780b9b43d5b25b986a85
    CRC-32
    f3d25a62
    File type
    Unspecified binary - probably data
    First seen
    2013-11-01
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {F9A73705-4329-F952-69FB-1F9E62E6266B}
    "c:\Documents and Settings\test user\Application Data\Vyamm\ruxaihk.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Ebne
    Oqbo
    (binary data; not printable as text)
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    70 74 17 dd 15 d7 ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\vyamm\ruxaihk.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe
DNS Requests
  • mecidiyekoyrentacar.net

Example 2

File Information

Size
270K
SHA-1
69936d9a75ef18725c885e4817ffe44f68eab2f6
MD5
853fe49593e0340cd4811a91716ec0a2
CRC-32
cecd4d41
File type
Windows executable
First seen
2013-11-01
