Troj/ZAccess-PS

Category: Viruses and Spyware
Protection available since: 23 Aug 2013 15:18:19 (GMT)
Type: Trojan
Last Updated: 23 Aug 2013 15:18:19 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/ZAccess-PS include:

Example 1

File Information

Size: 3.0K
SHA-1: 48680938db9a81b89d4ec98fda98700e8dfe17a6
MD5: 6b54fd9bad257ba28304cbf42fe34fa4
CRC-32: 56e7eb64
File type: Windows executable
First seen: 2013-08-22

Other vendor detection

Avira: BDS/ZAccess.daxe

Example 2

File Information

Size: 298K
SHA-1: 542d2c45a58d583e5d0ce6613ec18c8d854f4aab
MD5: 062869d4207522e96c8d4c0d032f1cd5
CRC-32: 35dd0e52
File type: Windows executable
First seen: 2013-08-22

Other vendor detection

Avira: BDS/ZAccess.daxe.1

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\RasTls\cnexitdxsrgfiig
    Size: 8
    SHA-1: a47bfd696e0a35a7be64c0b18b8d40f842effa26
    MD5: ec7733ab75d0daf366293f7369dd75b5
    CRC-32: 1597c8b2
    File type: Unspecified binary - probably data
    First seen: 2013-08-23
  • C:\Documents and Settings\All Users\RasTls\RasTls.dll.msc
    Size: 103K
    SHA-1: d45fe1a917bfc46d7872b76b26f918917cdc603f
    MD5: 571ef7235fac680cd6ff6ba4a44280db
    CRC-32: 7e4a3530
    File type: Unspecified binary - probably data
    First seen: 2013-08-23
  • c:\Documents and Settings\test user\Local Settings\Temp\RarSFX0\RasTls.dll.msc
    Size: 103K
    SHA-1: d45fe1a917bfc46d7872b76b26f918917cdc603f
    MD5: 571ef7235fac680cd6ff6ba4a44280db
    CRC-32: 7e4a3530
    File type: Unspecified binary - probably data
    First seen: 2013-08-23
  • c:\Documents and Settings\test user\Local Settings\Temp\RarSFX0\RasTls.dll
    Size: 3.0K
    SHA-1: 48680938db9a81b89d4ec98fda98700e8dfe17a6
    MD5: 6b54fd9bad257ba28304cbf42fe34fa4
    CRC-32: 56e7eb64
    File type: Windows executable
    First seen: 2013-08-22
  • C:\Documents and Settings\All Users\RasTls\RasTls.exe
    Size: 106K
    SHA-1: 2616da1697f7c764ee7fb558887a6a3279861fac
    MD5: 62944e26b36b1dcace429ae26ba66164
    CRC-32: 1d7e04d2
    File type: Windows executable
    First seen: 2013-07-29
  • C:\Documents and Settings\All Users\RasTls\RasTls.dll
    Size: 3.0K
    SHA-1: 48680938db9a81b89d4ec98fda98700e8dfe17a6
    MD5: 6b54fd9bad257ba28304cbf42fe34fa4
    CRC-32: 56e7eb64
    File type: Windows executable
    First seen: 2013-08-22
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\RasTls\Enum
    NextInstance: 0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\RasTls
    Description: RasTls
  • HKLM\SYSTEM\CurrentControlSet\Services\RasTls\Security
    Security: (binary data, not printable)
Processes Created
  • c:\documents and settings\all users\rastls\rastls.exe
  • c:\docume~1\support\locals~1\temp\rarsfx0\rastls.exe
  • c:\windows\system32\svchost.exe
DNS Requests
  • jetro.fuckjp.net

Example 3

File Information

Size: 103K
SHA-1: d45fe1a917bfc46d7872b76b26f918917cdc603f
MD5: 571ef7235fac680cd6ff6ba4a44280db
CRC-32: 7e4a3530
File type: Unspecified binary - probably data
First seen: 2013-08-23
