Mal/Zbot-ML

Category: Viruses and Spyware
Protection available since: 31 Jul 2013 23:57:43 (GMT)
Type: Malicious behavior
Last Updated: 31 Jul 2013 23:57:43 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/Zbot-ML include:

Example 1

File Information

Size: 484K
SHA-1: 0554923ce87a085f7dde3185b544e58d7b75bb71
MD5: 83b91cca08f67608f57e3f1fc9aa79bd
CRC-32: e5a64d0b
File type: Windows executable
First seen: 2013-07-26

Example 2

File Information

Size: 484K
SHA-1: 2ca2dbe6a54afe548787349413c26289424e92a8
MD5: b4ad733cf995c4afda903455d90a6988
CRC-32: 5e0e11a0
File type: Windows executable
First seen: 2013-07-26

Runtime Analysis

Dropped Files
  • C:\libnspr4.dll
Registry Keys Created
  • HKCR\TypeLib\{E9C6572F-9AAB-E769-E9B6-28B020483B23}
    (Default)
  • HKCR\CLSID\{333C5567-4EC0-4BB9-A08C-488E3DFAC0A6}\VersionIndependentProgID
    (Default)
    Messenger.MsgrObject
  • HKCR\.key
    (Default)
    regfile
  • HKCR\CLSID\{333C5567-4EC0-4BB9-A08C-488E3DFAC0A6}\Programmable
    (Default)
  • HKCU\Software\ASProtect\SpecData
    D2B1B777D2B1B777
    (non-printable binary data)
  • HKCR\TypeLib\{E9C6572F-9AAB-E769-E9B6-28B020483B23}\1.0\HELPDIR
    (Default)
    C:\WINDOWS\system32\
  • HKCR\TypeLib\{E9C6572F-9AAB-E769-E9B6-28B020483B23}\1.0\0
    (Default)
  • HKCR\CLSID\{333C5567-4EC0-4BB9-A08C-488E3DFAC0A6}
    (Default)
    Evani.Dicawop Object
  • HKCR\CLSID\{333C5567-4EC0-4BB9-A08C-488E3DFAC0A6}\LocalServer32
    (Default)
    C:\Program Files\Messenger\msmsgs.exe
  • HKCR\CLSID\{333C5567-4EC0-4BB9-A08C-488E3DFAC0A6}\ProgID
    (Default)
    Messenger.MsgrObject.1
  • HKCR\TypeLib\{E9C6572F-9AAB-E769-E9B6-28B020483B23}\1.0
    (Default)
    Microsoft NetShow Player
  • HKCR\TypeLib\{E9C6572F-9AAB-E769-E9B6-28B020483B23}\1.0\0\win32
    (Default)
    C:\WINDOWS\system32\nscompat.tlb
  • HKCR\TypeLib\{E9C6572F-9AAB-E769-E9B6-28B020483B23}\1.0\FLAGS
    (Default)
  • HKCR\CLSID\{333C5567-4EC0-4BB9-A08C-488E3DFAC0A6}\Version
    (Default)
    1.0
  • HKCR\CLSID\{333C5567-4EC0-4BB9-A08C-488E3DFAC0A6}\TypeLib
    (Default)
    {E9C6572F-9AAB-E769-E9B6-28B020483B23}

Example 3

File Information

Size: 417K
SHA-1: c201e90578ba35da45c8ae229df382cffd2a701f
MD5: 02cb709be64e622cf552aadbaeb3295b
CRC-32: e4665092
File type: Windows executable
First seen: 2013-07-31
