Troj/ZAccess-KK

Category: Viruses and Spyware
Protection available since: 26 Apr 2013 05:13:52 (GMT)
Type: Trojan
Last Updated: 26 Apr 2013 05:13:52 (GMT)
Prevalence: Small Number of Reports

Troj/ZAccess-KK exhibits the following characteristics:

File Information

Size: 259K
SHA-1: 553a17eb69429e8a8f52063eab63e068ba5522d7
MD5: 1d2f6afa5b8aec23ddcf5e5f55edd638
CRC-32: 66229b2d
File type: Windows executable
First seen: 2013-04-25

Runtime Analysis

Copies Itself To
  • C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$R2E375313
Dropped Files
  • C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$I2E375313
    Size: 544
    SHA-1: bbf71de49352afee94cc19978c6503d3eb046b41
    MD5: 4797bff77a20a4916a84afa25ed8a9fc
    CRC-32: 86349a74
    File type: Unspecified binary - probably data
    First seen: 2013-04-25
Registry Keys Created
  • HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
  • HKCU_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
Registry Keys Modified
  • HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-18\$8b2e7cc03175028b9a2b805595885191\n.
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
  • http://www.e-zeeinternet.com/count.php
IP Connections
DNS Requests
  • j.maxmind.com