Mal/Zbot-I

Category:	Viruses and Spyware	Protection available since:	02 Mar 2009 16:15:09 (GMT)
Type:	Malicious behavior	Last Updated:	02 Mar 2009 16:15:09 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Mal/Zbot-I include:

Example 1

File Information

Size: 401K
SHA-1: 4cf47c2a0517e5af7adee25c1000e530fbbc7b81
MD5: e40c049a6dacef8eb65f5fafa3949812
CRC-32: a2faa3b8
File type: application/x-ms-dos-executable
First seen: 2010-12-31

Other vendor detection

Kaspersky: Packed.Win32.Krap.af

Runtime Analysis

Copies Itself To

C:\WINDOWS\windows7addon.exe

Registry Keys Created

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Microsoft Driver Setup
C:\WINDOWS\windows7addon.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Driver Setup
C:\WINDOWS\windows7addon.exe

Example 2

File Information

Size: 147K
SHA-1: 57ac60da2d24be5153ded73d54f682cefe289fee
MD5: f92c572b29c6a83c7aae460b86e419cf
CRC-32: 9b89ff13
File type: application/x-ms-dos-executable
First seen: 2011-01-26

Other vendor detection

Avira: TR/Crypt.XPACK.Gen
Kaspersky: Packed.Win32.Krap.af

Runtime Analysis

Modified Files

C:\RECYCLER
- Set the readonly flag

Registry Keys Created

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Taskman
C:\RECYCLER\S-1-5-21-9228838226-8002880365-794107833-5256\dllrun32.exe

DNS Requests

bf2back.sinip.es
lalundelau.sinip.es

Example 3

File Information

Size: 630K
SHA-1: 80a540cdadf69f877006ed0d5602c83b6d504ce5
MD5: 9c8fea47bfe61e97af15a39871042353
CRC-32: 7fe6654c
File type: application/x-ms-dos-executable
First seen: 2010-08-25

Other vendor detection

Kaspersky: Packed.Win32.Krap.af

Runtime Analysis

Modified Files

C:\RECYCLER
- Set the readonly flag

Registry Keys Created

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Taskman
C:\RECYCLER\S-1-5-21-6755898029-4355213493-273194626-3200\windll.exe

DNS Requests

shv4.no-ip.biz

Try Sophos products for free
Download now