Examples of Mal/Zbot-ID include:
Example 1
File Information
- Size: 288K
- SHA-1: 00bf74682fbd1888d484f893146a8c47c7c40ae7
- MD5: e2e8b39aabe88e617b5f9360c25f3eaa
- CRC-32: e5a450a8
- File type: Windows executable
- First seen: 2011-06-27
Example 2
File Information
- Size: 318K
- SHA-1: 013ab5595d9bc56ddd4f0ec2cef35cfc41354a03
- MD5: 17b2bc2a3a4f0f049db539117768353d
- CRC-32: dbacd931
- File type: Windows executable
- First seen: 2012-11-01
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Daid\qyuw.exe
  - Size: 318K
  - SHA-1: 390c42a1789165f35bff6561a7b15120ae592c1e
  - MD5: aa402ae12412076cd925518874100166
  - CRC-32: 54236188
  - File type: Windows executable
  - First seen: 2012-11-01
- c:\Documents and Settings\test user\Local Settings\Application Data\ehuh.sau
  - Size: 523
  - SHA-1: 4c393e16009f05527c6bb9c28f53225b421139f5
  - MD5: f3ebaf0058c2a1abaed59e91a9307825
  - CRC-32: 48de508c
  - File type: Unspecified binary - probably data
  - First seen: 2012-11-01
Registry Keys Created
- HKCU\Identities
  - Identity Login: 0x00098053
- HKCU\Software\Microsoft\Etimk
  - 2jb76i84: N+□□I□pv□@O□□+□pE□0G□P+□
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}: "c:\Documents and Settings\test user\Application Data\Daid\qyuw.exe"
Processes Created
- c:\Documents and Settings\test user\application data\daid\qyuw.exe
- c:\windows\system32\cmd.exe
IP Connections
Example 3
File Information
- Size: 317K
- SHA-1: 01433f0621aa6e3b28370cbcec325177f58170d6
- MD5: c9c4ce68cc24c804c7a4e0198897a2f0
- CRC-32: e0573808
- File type: Windows executable
- First seen: 2012-11-01