Troj/Agent-ZBH

Category: Viruses and Spyware
Protection available since: 13 Dec 2012 06:28:22 (GMT)
Type: Trojan
Last Updated: 13 Dec 2012 06:28:22 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Agent-ZBH include:

Example 1

File Information

Size: 1.1M
SHA-1: 14cb85b7f46284e15405dabcfea8a938cff7f358
MD5: 0ae3822a0beaddea9f0266b3182ae9fa
CRC-32: 50e27b7f
File type: Windows executable
First seen: 2012-12-12

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\panmap.exe
Dropped Files
  • c:\Documents and Settings\test user\Templates\CertPolEng.exe
    Size: 6.0K
    SHA-1: 178a0eaa8963f70b40ee2d4e17a26b783ac071d4
    MD5: 00fa6afbf4c86a5b6d783035ad83fa96
    CRC-32: 2258b24c
    File type: Windows executable
    First seen: 2012-12-11
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Certificate Policy Engine
    c:\Documents and Settings\test user\Templates\CertPolEng.exe
  • HKCU\Software\DC3_FEXEC
    12/12/2012 at 05:57:19
    {8683e91a-044e-11df-871e-806d6172696f-1612674719}
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\panmap.exe
  • c:\Documents and Settings\test user\templates\certpoleng.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\applaunch.exe
DNS Requests
  • stillon.no-ip.org

Example 2

File Information

Size: 6.0K
SHA-1: 178a0eaa8963f70b40ee2d4e17a26b783ac071d4
MD5: 00fa6afbf4c86a5b6d783035ad83fa96
CRC-32: 2258b24c
File type: Windows executable
First seen: 2012-12-11