Troj/Agent-ZBR

Category: Viruses and Spyware
Protection available since: 07 Dec 2012 04:56:58 (GMT)
Type: Trojan
Last Updated: 07 Dec 2012 04:56:58 (GMT)
Prevalence: Small Number of Reports

Troj/Agent-ZBR exhibits the following characteristics:

File Information

Size
114K
SHA-1
3903fb5971b791f80ea2261117640d2737050f6f
MD5
031e382fc33c8b44020970ebf67889ad
CRC-32
f3e5e9b9
File type
Windows executable
First seen
2011-09-04

Other vendor detection

Trend
PAK_Generic.005

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\kujleaog.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\tvbjuwht.log
    Size
    28
    SHA-1
    8d8ea088bab1875453fcfa95ab0d2ad93d351a0a
    MD5
    8d5840d46346360611b3a4cd1334b37e
    CRC-32
    34361207
    File type
    Unspecified binary - probably data
    First seen
    2012-12-07
  • C:\Documents and Settings\All Users\Application Data\hwjhsolu.log
    Size
    64
    SHA-1
    edd17e4d15e5779efe27c04c2bdf3077d335d0a3
    MD5
    de2c5b6c50f5e05dff644959ff5b097c
    CRC-32
    717350f2
    File type
    Base64 encoded
    First seen
    2012-06-01
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service
    DeleteFlag
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SpoQcxma
    c:\Documents and Settings\test user\Local Settings\Application Data\kjwerxdj\spoqcxma.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Enum
    NextInstance
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Security
    Security
    (binary data)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    UacDisableNotify
    0x00000001
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,,c:\Documents and Settings\test user\Local Settings\Application Data\kjwerxdj\spoqcxma.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallOverride
    0x00000001
Processes Created
  • c:\docume~1\support\locals~1\temp\kujleaog.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\svchost.exe
DNS Requests
