Troj/Simda-Z

Category: Viruses and Spyware
Protection available since: 08 Apr 2013 17:36:23 (GMT)
Type: Trojan
Last Updated: 08 Apr 2013 17:36:23 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Simda-Z include:

Example 1

File Information

Size: 632K
SHA-1: 0186bbd5a868600bd4525c951597fef5e07bd3d3
MD5: 432ba2bcd2501cbb6fb21d3863adf1c0
CRC-32: fe9044bd
File type: Windows executable
First seen: 2013-04-08

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2861B0F9-F1E8-4A1A-B9D5-08FB3E595B28}
    NameServer
    8.8.8.8,172.16.0.2
HTTP Requests
  • http://report.q1w9u1m9317o3179aa.com/
IP Connections
  • 91.121.12.201:80

Example 2

File Information

Size: 784K
SHA-1: 9b88ae0d4c68dfda113f70131aa6de26f2ebe68e
MD5: 700aad568981b493d247d5bbeec653bf
CRC-32: 5a101541
File type: Windows executable
First seen: 2013-04-08

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2861B0F9-F1E8-4A1A-B9D5-08FB3E595B28}
    NameServer
    8.8.8.8,172.16.0.2
HTTP Requests
  • http://report.3q79317i3qgm317ce1.com/
IP Connections
  • 91.121.12.201:80

Example 3

File Information

Size: 784K
SHA-1: dd4bbe7174998fb91c64dd1411a1c5b28043be09
MD5: 0bd098a1114f1f2f753dc2c0305bd98a
CRC-32: 7c781b82
File type: Windows executable
First seen: 2013-04-08

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2861B0F9-F1E8-4A1A-B9D5-08FB3E595B28}
    NameServer
    8.8.8.8,172.16.0.2
HTTP Requests
  • http://report.s3179y1ceiq793o79m1.com/
IP Connections
  • 91.121.12.201:80
