Troj/Agent-ZCB exhibits the following characteristics:
File Information
- Size: 584K
- SHA-1: 116a27805c4352499839f3830514be477caffa89
- MD5: 58187819dc16d6ed38eb230093b0559c
- CRC-32: e68454cf
- File type: Windows executable
- First seen: 2012-11-30
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Application Data\JavaUploader\JavaUploader.exe
Dropped Files
- c:\Documents and Settings\test user\Application Data\HOST
  - Size: 32
  - SHA-1: 59cd37f3d7b8a955c9496ead46e427e2d167e483
  - MD5: 056336d0fb04a102e96188f35355e41d
  - CRC-32: e045e7e3
  - File type: Data Log File (generic)
  - First seen: 2012-11-30
- c:\Documents and Settings\test user\Application Data\lundi.exe
Registry Keys Created
- HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
  - RRDMQ5ILWO = November 30, 2012
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - JavaUploader = c:\Documents and Settings\test user\Application Data\JavaUploader\JavaUploader.exe
- HKCU\Software\VB and VBA Program Settings\SrvID\ID
  - RRDMQ5ILWO = lundi
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - c:\Documents and Settings\test user\Application Data\lundi.exe = c:\Documents and Settings\test user\Application Data\lundi.exe:*:Enabled:Windows Messanger
Registry Keys Modified
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  - DoNotAllowExceptions = 0x00000000
Processes Created
- c:\windows\microsoft.net\framework\v2.0.50727\cvtres.exe
- c:\windows\system32\cmd.exe
- c:\windows\system32\reg.exe
- c:\windows\system32\wscript.exe
IP Connections
- 137.59.173.86:7030
- 37.59.173.86:7030