Troj/ZAccess-FU

Category: Viruses and Spyware
Protection available since: 08 Dec 2012 06:49:58 (GMT)
Type: Trojan
Last Updated: 08 Dec 2012 06:49:58 (GMT)
Prevalence: Small Number of Reports


Troj/ZAccess-FU exhibits the following characteristics:

File Information

Size: 156K
SHA-1: 7b43254974705933fc89a49529c250e121dae710
MD5: a8b5fef460e962334c239db4a8faa620
CRC-32: d45e5caa
File type: Windows executable
First seen: 2012-12-07

Runtime Analysis

Registry Keys Created
  • HKCU_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
  • HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
Registry Keys Modified
  • HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-18\$8b2e7cc03175028b9a2b805595885191\n.
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
DNS Requests
  • j.maxmind.com
