Troj/ZAccess-IS

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 18 Feb 2013 07:26:45 (GMT)
Last Updated: 18 Feb 2013 07:26:45 (GMT)

Troj/ZAccess-IS exhibits the following characteristics:

File Information

Size: 200K
SHA-1: 08619adc0d85d646b8f67191f4f94d266ce4925d
MD5: 89444f443c89a953a2637818d54e05b7
CRC-32: aa9dd285
File type: Windows executable
First seen: 2013-02-18

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    DeleteFlag
    0x00000001
  • HKCU_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    ErrorControl
    0x00000000
  • HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-18\$8b2e7cc03175028b9a2b805595885191\n.
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
  • 107.8.16.29:16464
  • 109.124.148.230:16464
  • 115.254.253.254:16464
  • 116.202.151.25:16464
  • 116.83.130.190:16464
  • 117.254.253.254:16464
  • 119.254.253.254:16464
  • 124.6.0.234:16464
  • 134.254.253.254:16464
  • 135.254.253.254:16464
  • 142.136.123.239:16464
  • 158.108.96.238:16464
  • 166.254.253.254:16464
  • 173.178.100.205:16464
  • 173.178.170.201:16464
  • 173.252.3.196:16464
  • 173.31.9.3:16464
  • 174.60.105.194:16464
  • 176.201.91.17:16464
  • 178.122.241.233:16464
  • 180.215.69.228:16464
  • 180.254.253.254:16464
  • 180.36.38.237:16464
  • 182.254.253.254:16464
  • 183.87.65.38:16464
  • 184.254.253.254:16464
  • 186.18.27.30:16464
  • 187.247.221.46:16464
  • 188.171.0.6:16464
  • 188.240.56.41:16464
  • 188.29.9.61:16464
  • 190.254.253.254:16464
  • 190.72.139.36:16464
  • 194.165.17.3:53
  • 201.187.5.204:16464
  • 201.209.115.220:16464
  • 206.254.253.254:16464
  • 24.0.38.63:16464
  • 24.133.213.189:16464
  • 24.148.135.251:16464
  • 24.171.21.225:16464
  • 24.31.181.223:16464
  • 50.140.3.241:16464
  • 50.26.223.42:16464
  • 66.85.130.234:53
  • 66.85.237.21:16464
  • 68.11.176.205:16464
  • 68.207.184.56:16464
  • 68.58.213.42:16464
  • 70.176.28.14:16464
  • 70.66.155.3:16464
  • 71.254.253.254:16464
  • 75.108.41.232:16464
  • 77.209.129.24:16464
  • 77.222.231.227:16464
  • 77.23.9.35:16464
  • 78.92.54.223:16464
  • 79.114.109.2:16464
  • 79.117.246.14:16464
  • 79.152.241.215:16464
  • 8.8.8.8:53
  • 80.117.239.210:16464
  • 80.183.89.5:16464
  • 81.57.116.26:16464
  • 82.77.114.237:16464
  • 83.11.84.233:16464
  • 83.155.135.59:16464
  • 87.11.235.46:16464
  • 87.13.243.251:16464
  • 87.254.253.254:16464
  • 88.224.254.230:16464
  • 88.254.253.254:16464
  • 89.216.147.199:16464
  • 89.245.215.9:16464
  • 89.97.62.235:16464
  • 92.254.253.254:16464
  • 93.199.46.203:16464
  • 95.20.67.51:16464
  • 95.57.183.68:16464
  • 96.47.89.56:16464
  • 98.184.128.60:16464
  • 98.247.3.65:16464
  • 99.234.133.12:16464
DNS Requests
  • j.maxmind.com