Troj/ZAccess-QE

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 13 Sep 2013 00:10:13 (GMT)
Last Updated: 13 Sep 2013 00:10:13 (GMT)


Examples of Troj/ZAccess-QE include:

Example 1

File Information

Size: 237K
SHA-1: 038e52d53a3f103c89c3130dafbb38520d9da16e
MD5: d33c168bf3fb5e98d0fb0438abd3e486
CRC-32: 73b14361
File type: Windows executable
First seen: 2013-09-12

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Google Update
    "c:\Documents and Settings\test user\Local Settings\Application Data\Google\Desktop\Install\{8b2e7cc0-3175-028b-9a2b-805595885191}\???\???\???\{8b2e7cc0-3175-028b-9a2b-805595885191}\GoogleUpdate.exe" >
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
  • 1.9.59.196:16464
  • 105.137.40.195:16464
  • 105.227.111.167:16464
  • 111.253.236.62:16464
  • 114.77.217.155:16464
  • 119.234.132.223:16464
  • 121.73.234.249:16464
  • 139.228.19.59:16464
  • 14.96.137.222:16464
  • 141.136.12.135:16464
  • 173.240.136.184:16464
  • 176.18.19.11:16464
  • 178.148.218.185:16464
  • 178.152.185.61:16464
  • 179.147.0.36:16464
  • 183.176.112.208:16464
  • 186.5.221.38:16464
  • 186.51.123.11:16464
  • 186.68.7.231:16464
  • 188.121.211.28:16464
  • 188.167.111.20:16464
  • 189.235.78.8:16464
  • 190.128.117.25:16464
  • 190.153.152.209:16464
  • 190.186.104.153:16464
  • 190.241.106.192:16464
  • 190.38.33.165:16464
  • 192.226.200.172:16464
  • 194.165.17.4:53
  • 194.208.95.74:16464
  • 2.134.221.10:16464
  • 204.16.10.14:16464
  • 212.251.106.187:16464
  • 216.106.169.251:16464
  • 217.211.125.220:16464
  • 221.221.232.246:16464
  • 24.51.69.179:16464
  • 27.2.69.51:16464
  • 37.239.207.60:16464
  • 37.45.64.218:16464
  • 37.75.123.205:16464
  • 46.129.18.74:16464
  • 46.16.114.232:16464
  • 46.161.117.103:16464
  • 46.58.135.144:16464
  • 5.250.111.209:16464
  • 58.140.80.134:16464
  • 62.63.84.181:16464
  • 77.78.209.162:16464
  • 77.92.223.197:16464
  • 78.84.135.200:16464
  • 78.90.170.34:16464
  • 79.112.193.83:16464
  • 79.133.238.86:16464
  • 8.8.8.8:53
  • 80.86.237.121:16464
  • 80.99.99.103:16464
  • 82.102.108.120:16464
  • 82.65.224.214:16464
  • 83.222.139.13:16464
  • 84.194.58.41:16464
  • 84.231.197.58:16464
  • 85.100.124.99:16464
  • 85.155.61.206:16464
  • 85.250.3.207:16464
  • 86.44.150.230:16464
  • 88.51.115.242:16464
  • 89.212.142.179:16464
  • 91.74.219.90:16464
  • 92.41.203.98:16464
  • 93.72.70.215:16464
  • 94.132.142.16:16464
  • 95.107.216.55:16464
DNS Requests
  • j.maxmind.com

Example 2

File Information

Size: 237K
SHA-1: 0b104d65a049838448fec49a037a5b7afbd59e61
MD5: 45dbf36b49a329f730a1eb97f328b8f2
CRC-32: aeb43c9e
File type: Windows executable
First seen: 2012-03-14

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Google Update
    "c:\Documents and Settings\test user\Local Settings\Application Data\Google\Desktop\Install\{8b2e7cc0-3175-028b-9a2b-805595885191}\???\???\???\{8b2e7cc0-3175-028b-9a2b-805595885191}\GoogleUpdate.exe" >
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    DeleteFlag
    0x00000001
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    ErrorControl
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum
    NextInstance
    0x00000000
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
  • 1.9.59.196:16464
  • 105.227.111.167:16464
  • 114.77.217.155:16464
  • 119.234.132.223:16464
  • 121.73.234.249:16464
  • 139.228.19.59:16464
  • 14.96.137.222:16464
  • 141.136.12.135:16464
  • 173.240.136.184:16464
  • 176.18.19.11:16464
  • 178.148.218.185:16464
  • 179.147.0.36:16464
  • 183.176.112.208:16464
  • 186.5.221.38:16464
  • 186.51.123.11:16464
  • 186.68.7.231:16464
  • 188.121.211.28:16464
  • 188.167.111.20:16464
  • 189.235.78.8:16464
  • 190.128.117.25:16464
  • 190.153.152.209:16464
  • 190.186.104.153:16464
  • 190.241.106.192:16464
  • 190.38.33.165:16464
  • 192.226.200.172:16464
  • 194.165.17.4:53
  • 194.208.95.74:16464
  • 2.134.221.10:16464
  • 204.16.10.14:16464
  • 212.251.106.187:16464
  • 216.106.169.251:16464
  • 217.211.125.220:16464
  • 221.221.232.246:16464
  • 24.51.69.179:16464
  • 27.2.69.51:16464
  • 37.239.207.60:16464
  • 37.45.64.218:16464
  • 37.75.123.205:16464
  • 46.129.18.74:16464
  • 46.16.114.232:16464
  • 46.161.117.103:16464
  • 46.58.135.144:16464
  • 5.250.111.209:16464
  • 58.140.80.134:16464
  • 62.63.84.181:16464
  • 77.78.209.162:16464
  • 77.92.223.197:16464
  • 78.90.170.34:16464
  • 79.112.193.83:16464
  • 8.8.8.8:53
  • 80.86.237.121:16464
  • 82.102.108.120:16464
  • 82.65.224.214:16464
  • 83.222.139.13:16464
  • 84.194.58.41:16464
  • 84.231.197.58:16464
  • 85.155.61.206:16464
  • 85.250.3.207:16464
  • 86.44.150.230:16464
  • 88.51.115.242:16464
  • 89.212.142.179:16464
  • 91.74.219.90:16464
  • 92.41.203.98:16464
  • 93.72.70.215:16464
  • 95.107.216.55:16464
DNS Requests
  • j.maxmind.com

Example 3

File Information

Size: 237K
SHA-1: 236a8ddef727605f495fb9b8888daa5c26c9cc85
MD5: 68df8662c73549938dbaf39d9d0fa999
CRC-32: dad3d92d
File type: Windows executable
First seen: 2013-09-10

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Google Update
    "c:\Documents and Settings\test user\Local Settings\Application Data\Google\Desktop\Install\{8b2e7cc0-3175-028b-9a2b-805595885191}\???\???\???\{8b2e7cc0-3175-028b-9a2b-805595885191}\GoogleUpdate.exe" >
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
  • 1.9.59.196:16464
  • 105.137.40.195:16464
  • 105.227.111.167:16464
  • 111.253.236.62:16464
  • 114.77.217.155:16464
  • 119.234.132.223:16464
  • 121.73.234.249:16464
  • 139.228.19.59:16464
  • 14.96.137.222:16464
  • 141.136.12.135:16464
  • 173.240.136.184:16464
  • 176.18.19.11:16464
  • 178.148.218.185:16464
  • 178.152.185.61:16464
  • 179.147.0.36:16464
  • 183.176.112.208:16464
  • 186.5.221.38:16464
  • 186.51.123.11:16464
  • 186.68.7.231:16464
  • 188.121.211.28:16464
  • 188.167.111.20:16464
  • 189.235.78.8:16464
  • 190.128.117.25:16464
  • 190.153.152.209:16464
  • 190.186.104.153:16464
  • 190.241.106.192:16464
  • 190.38.33.165:16464
  • 192.226.200.172:16464
  • 194.165.17.4:53
  • 194.208.95.74:16464
  • 2.134.221.10:16464
  • 204.16.10.14:16464
  • 212.251.106.187:16464
  • 216.106.169.251:16464
  • 217.211.125.220:16464
  • 221.221.232.246:16464
  • 24.51.69.179:16464
  • 27.2.69.51:16464
  • 37.239.207.60:16464
  • 37.45.64.218:16464
  • 37.75.123.205:16464
  • 46.129.18.74:16464
  • 46.16.114.232:16464
  • 46.161.117.103:16464
  • 46.58.135.144:16464
  • 5.250.111.209:16464
  • 58.140.80.134:16464
  • 62.63.84.181:16464
  • 77.78.209.162:16464
  • 77.92.223.197:16464
  • 78.90.170.34:16464
  • 79.112.193.83:16464
  • 8.8.8.8:53
  • 80.86.237.121:16464
  • 82.102.108.120:16464
  • 82.65.224.214:16464
  • 83.222.139.13:16464
  • 84.194.58.41:16464
  • 84.231.197.58:16464
  • 85.155.61.206:16464
  • 85.250.3.207:16464
  • 86.44.150.230:16464
  • 88.51.115.242:16464
  • 89.212.142.179:16464
  • 91.74.219.90:16464
  • 92.41.203.98:16464
  • 93.72.70.215:16464
  • 95.107.216.55:16464
DNS Requests
  • j.maxmind.com

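The three samples above share one set of host and network indicators: the file hashes; a Run value named "Google Update" whose path sits under ...\Google\Desktop\Install\{GUID}\...\GoogleUpdate.exe rather than Google's own update directory; the SharedAccess service (Windows Firewall / Internet Connection Sharing) marked with DeleteFlag=1 in Example 2, so it is removed on the next reboot; fan-out from one process to dozens of remote peers on port 16464; and a fetch of geoip.js from j.maxmind.com. The Python script below is an added example, not code from the Sophos page, that turns those indicators into checks run over exported data: a list of SHA-1 strings, registry (key, value name, data) triples using the same HKCU/HKLM short form as the page, `netstat -ano` output, and DNS query names. The sample inputs are constructed; the `PEER_THRESHOLD` of 5 peers is my assumption, and the directory names `x\y\z` stand in for the ones that did not render on the page.

```python
"""Match the Troj/ZAccess-QE indicators listed above against exported host
data. Added example with constructed sample input, not code from the page."""
import re
from collections import defaultdict

# Indicators taken from the page
ZACCESS_SHA1 = {
    "038e52d53a3f103c89c3130dafbb38520d9da16e",
    "0b104d65a049838448fec49a037a5b7afbd59e61",
    "236a8ddef727605f495fb9b8888daa5c26c9cc85",
}
P2P_PORT = "16464"
GEOIP_HOST = "j.maxmind.com"
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "Google Update"
SHAREDACCESS_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess"
# The binary sits under ...\Google\Desktop\Install\{GUID}\...\GoogleUpdate.exe;
# the directories between GUID and file did not render on the page, so the
# pattern accepts anything there.
RUN_PATH_RE = re.compile(
    r"\\Google\\Desktop\\Install\\\{[0-9a-f-]{36}\}.*\\GoogleUpdate\.exe", re.I)
# Assumption (not from the page): this many distinct peers on the P2P port
# from one process is a bot, not a stray connection.
PEER_THRESHOLD = 5

def match_hashes(sha1s):
    """Subset of the given SHA-1 strings that are known samples."""
    return {h.lower() for h in sha1s} & ZACCESS_SHA1

def match_registry(entries):
    """entries: (key, value_name, data) triples, e.g. parsed from a .reg export."""
    findings = []
    for key, name, data in entries:
        if key.lower() == RUN_KEY.lower() and name == RUN_VALUE \
                and RUN_PATH_RE.search(str(data)):
            findings.append("Run-key persistence: %s" % data)
        if key.lower() == SHAREDACCESS_KEY.lower() and name == "DeleteFlag" \
                and int(str(data), 0) == 1:
            findings.append("SharedAccess (Windows Firewall/ICS) marked for deletion")
    return findings

def parse_netstat(line):
    """One 'netstat -ano' line -> (proto, remote_ip, remote_port, pid) or None."""
    parts = line.split()
    if len(parts) not in (4, 5) or parts[0] not in ("TCP", "UDP"):
        return None
    rip, _, rport = parts[2].rpartition(":")  # rpartition keeps [IPv6] intact
    return parts[0], rip, rport, parts[-1]

def match_connections(netstat_lines):
    """{pid: sorted peers} for processes with >= PEER_THRESHOLD peers on 16464."""
    peers = defaultdict(set)
    for line in netstat_lines:
        parsed = parse_netstat(line)
        if parsed and parsed[2] == P2P_PORT:
            peers[parsed[3]].add(parsed[1])
    return {pid: sorted(p) for pid, p in peers.items() if len(p) >= PEER_THRESHOLD}

def match_dns(names):
    """Weak on its own: j.maxmind.com is a legitimate geolocation service."""
    return sorted({n.lower().rstrip(".") for n in names} & {GEOIP_HOST})

def scan(sha1s, registry, netstat_lines, dns_names):
    report = {
        "hashes": sorted(match_hashes(sha1s)),
        "registry": match_registry(registry),
        "p2p_peers": match_connections(netstat_lines),
        "dns": match_dns(dns_names),
    }
    strong = report["hashes"] or report["registry"] or report["p2p_peers"]
    report["verdict"] = "infected" if strong else ("suspect" if report["dns"] else "clean")
    return report

# Constructed sample data; x\y\z stands in for the directory names that did not
# render on the page.
SAMPLE_HASHES = ["038E52D53A3F103C89C3130DAFBB38520D9DA16E",
                 "da39a3ee5e6b4b0d3255bfef95601890afd80709"]
SAMPLE_REGISTRY = [
    (RUN_KEY, RUN_VALUE,
     r'"c:\Documents and Settings\test user\Local Settings\Application Data'
     r'\Google\Desktop\Install\{8b2e7cc0-3175-028b-9a2b-805595885191}\x\y\z'
     r'\{8b2e7cc0-3175-028b-9a2b-805595885191}\GoogleUpdate.exe" >'),
    (SHAREDACCESS_KEY, "DeleteFlag", "0x00000001"),
]
SAMPLE_NETSTAT = """
  Proto  Local Address    Foreign Address         State          PID
  TCP    10.0.0.5:1041    1.9.59.196:16464        SYN_SENT       1488
  TCP    10.0.0.5:1042    105.137.40.195:16464    SYN_SENT       1488
  TCP    10.0.0.5:1043    111.253.236.62:16464    ESTABLISHED    1488
  TCP    10.0.0.5:1044    114.77.217.155:16464    SYN_SENT       1488
  TCP    10.0.0.5:1045    119.234.132.223:16464   SYN_SENT       1488
  TCP    10.0.0.5:1050    93.184.216.34:443       ESTABLISHED    2200
  UDP    10.0.0.5:1038    *:*                                    1488
""".splitlines()
SAMPLE_DNS = ["j.maxmind.com", "www.msftncsi.com"]

if __name__ == "__main__":
    import json
    print(json.dumps(scan(SAMPLE_HASHES, SAMPLE_REGISTRY, SAMPLE_NETSTAT, SAMPLE_DNS), indent=2))
```

Two points of design follow from the data on the page. The per-IP list is a snapshot of a peer-to-peer swarm (the three examples already differ in which peers they reached), so blocking those addresses one by one buys little; the durable network signal is one process fanning out to many peers on 16464, which is why the connection check groups by PID rather than matching addresses. On the host side, a Run value whose GoogleUpdate.exe lives under a Google\Desktop\Install\{GUID} path, plus a SharedAccess service flagged for deletion, are the strong indicators; the j.maxmind.com lookup is only corroborating, since plenty of legitimate software calls the same service. The page does not say whether the 16464 traffic was TCP or UDP; the sample uses TCP lines because `netstat` shows a remote address only for TCP.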