Troj/ZAccess-HG

Category: Viruses and Spyware
Protection available since: 17 Jan 2013 03:09:40 (GMT)
Type: Trojan
Last Updated: 17 Jan 2013 03:09:40 (GMT)
Prevalence: Small Number of Reports


Troj/ZAccess-HG exhibits the following characteristics:

File Information

Size: 170K
SHA-1: dd6cec437b7695cf9770f7bb2622ef380db18c31
MD5: 7a081f02bb5a8e2be0fae8939dbb2cc2
CRC-32: 15722e6e
File type: Windows executable
First seen: 2013-01-16

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
  • HKCU_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
Registry Keys Modified
  • HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-18\$8b2e7cc03175028b9a2b805595885191\n.
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
DNS Requests
  • j.maxmind.com
