Troj/ZAccess-MJ

Category: Viruses and Spyware
Protection available since: 25 May 2013 12:32:21 (GMT)
Type: Trojan
Last Updated: 25 May 2013 12:32:21 (GMT)
Prevalence: Small Number of Reports


Troj/ZAccess-MJ exhibits the following characteristics:

File Information

Size: 257K
SHA-1: 575af057b15b71bf396b74a6d91a74870bdc555e
MD5: ad64eee2da21bf9e81131778b8885087
CRC-32: f0d860d4
File type: Windows executable
First seen: 2013-05-24

Runtime Analysis

Copies Itself To
  • C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$R2E375313
Dropped Files
  • C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$I2E375313
    Size: 544
    SHA-1: ae33187468a39e1775866975aa49a94c7bd3665e
    MD5: 36cba78b1cc37c54cfed2a49ae295ebe
    CRC-32: adf818c5
    File type: Unspecified binary - probably data
    First seen: 2013-05-25
Registry Keys Created
  • HKCU_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
  • HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
Registry Keys Modified
  • HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-18\$8b2e7cc03175028b9a2b805595885191\n.
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
  • http://www.e-zeeinternet.com/count.php
IP Connections
DNS Requests
  • j.maxmind.com
