Troj/ZAccess-GN

Category: Viruses and Spyware Protection available since:09 Jan 2013 11:43:39 (GMT)
Type: Trojan Last Updated:09 Jan 2013 11:43:39 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/ZAccess-GN exhibits the following characteristics:

File Information

Size
181K
SHA-1
2315252ae7fbe860442bf1cd3ff9d4e19d3deab8
MD5
38e4757d664aa4964496e36bd480eb88
CRC-32
26f8c71c
File type
Windows executable
First seen
2013-01-08

Runtime Analysis

Registry Keys Created
  • HKCU_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
  • HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
Registry Keys Modified
  • HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-18\$8b2e7cc03175028b9a2b805595885191\n.
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
  • 1.169.138.60:16464
  • 109.238.104.45:16464
  • 115.254.253.254:16464
  • 117.200.89.47:16464
  • 117.211.95.26:16464
  • 117.254.253.254:16464
  • 118.171.48.174:16464
  • 121.222.141.182:16464
  • 122.21.2.173:16464
  • 122.31.239.45:16464
  • 124.123.247.90:16464
  • 124.86.217.18:16464
  • 135.254.253.254:16464
  • 14.194.87.122:16464
  • 14.99.160.224:16464
  • 174.44.64.68:16464
  • 177.59.32.4:16464
  • 178.0.128.96:16464
  • 178.116.44.238:16464
  • 178.127.108.114:16464
  • 180.254.253.254:16464
  • 182.254.253.254:16464
  • 190.254.253.254:16464
  • 193.30.249.82:16464
  • 194.165.17.3:53
  • 200.206.226.22:16464
  • 206.254.253.254:16464
  • 213.253.253.254:16464
  • 219.85.175.200:16464
  • 27.4.244.41:16464
  • 37.143.220.128:16464
  • 37.78.236.129:16464
  • 46.10.168.104:16464
  • 46.233.11.218:16464
  • 59.124.65.196:16464
  • 59.24.75.55:16464
  • 61.10.20.37:16464
  • 61.21.5.127:16464
  • 65.185.162.92:16464
  • 65.49.160.134:16464
  • 66.103.57.204:16464
  • 66.85.130.234:53
  • 67.187.122.204:16464
  • 68.145.101.43:16464
  • 68.190.5.68:16464
  • 68.199.240.224:16464
  • 68.2.67.78:16464
  • 69.89.169.8:16464
  • 70.182.232.22:16464
  • 71.254.253.254:16464
  • 72.181.180.37:16464
  • 72.227.231.4:16464
  • 72.26.11.197:16464
  • 74.138.236.228:16464
  • 75.140.18.250:16464
  • 75.187.144.72:16464
  • 75.187.54.185:16464
  • 75.210.125.234:16464
  • 76.125.121.178:16464
  • 79.47.152.89:16464
  • 8.8.8.8:53
  • 82.11.63.43:16464
  • 85.103.125.92:16464
  • 85.155.17.11:16464
  • 86.42.241.112:16464
  • 87.254.253.254:16464
  • 87.95.63.153:16464
  • 88.254.253.254:16464
  • 89.245.50.88:16464
  • 89.253.178.163:16464
  • 92.254.253.254:16464
  • 97.81.85.187:16464
  • 98.180.223.49:16464
  • 98.212.237.213:16464
DNS Requests
  • j.maxmind.com

download Try Sophos products for free
Download now

© 1997 - 2013 Sophos Ltd. All rights reserved. Legal Privacy Cookie Information