Troj/Agent-ZDW exhibits the following characteristics:
File Information
- Size
- 228K
- SHA-1
- cd5be103ee3edc83e556e5e25da3db76310ebc50
- MD5
- 6dd01c335fa7d7532f091c66b578c386
- CRC-32
- 11cf7124
- File type
- Windows executable
- First seen
- 2012-12-05
Runtime Analysis
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
- 1409
- 0x00000003
- HKCU\Software\Microsoft\Internet Explorer\PhishingFilter
- ShownServiceDownBalloon
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
- 1409
- 0x00000003
- HKCU\Software\Microsoft\Internet Explorer\Recovery
- ClearBrowsingHistoryOnExit
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
- 1409
- 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
- 1409
- 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- WarnOnIntranet
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
- 1409
- 0x00000003
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
- 1609
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
- 1609
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
- 1406
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
- 1406
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
- 1406
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
- 1609
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- WarnOnPost
- 00 00 00 00
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
- 1609
- 0x00000000
Processes Created
- c:\recycle.bin\b6232f3a448.exe
DNS Requests