Examples of Troj/Agent-ZIT include:
Example 1
File Information
- File type: application/x-ms-dos-executable
Runtime Analysis
Registry Keys Created
- HKCU\Software\WinRAR
- HWID
IP Connections
Example 2
File Information
- Size: 132K
- SHA-1: 979f65cba439abee2b8880ffc09fbed018af0859
- MD5: 4612e8ecb081b888c7b509bac07bf8a4
- CRC-32: 827672ae
- File type: Windows executable
- First seen: 2012-08-23
Example 3
File Information
- Size: 132K
- SHA-1: d4bfbbd375da0ac775812bed2459ff908e1fb9ba
- MD5: b360fec7652688dc9215fd366530d40c
- CRC-32: b492c277
- File type: application/x-ms-dos-executable
- First seen: 2012-08-23
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Application Data\KB00954719.exe
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- KB00954719.exe
- "c:\Documents and Settings\test user\Application Data\KB00954719.exe"
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- GlobalUserOffline
- 0x00000000
Processes Created
- c:\Documents and Settings\test user\application data\kb00954719.exe
- c:\windows\system32\cmd.exe
IP Connections