Troj/ZAccess-RO

Category: Viruses and Spyware
Protection available since: 20 Nov 2013 01:05:51 (GMT)
Type: Trojan
Last Updated: 27 Nov 2013 21:41:36 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/ZAccess-RO include:

Example 1

File Information

Size
285K
SHA-1
057b9bbf6b3f7694f020989eb5e02597dd40faa2
MD5
04ad3c4faa8ab00223b2c84d5c4a7ac9
CRC-32
495b703c
File type
Windows executable
First seen
2013-11-18

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Google Update
    "c:\Documents and Settings\test user\Local Settings\Application Data\Google\Desktop\Install\{8b2e7cc0-3175-028b-9a2b-805595885191}\???\???\???\{8b2e7cc0-3175-028b-9a2b-805595885191}\GoogleUpdate.exe" >
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
  • 1.36.121.233:16464
  • 101.99.38.108:16464
  • 109.203.212.46:16464
  • 111.250.29.169:16464
  • 112.209.43.32:16464
  • 115.119.137.124:16464
  • 121.145.104.180:16464
  • 122.150.199.233:16464
  • 123.231.87.73:16464
  • 124.122.110.16:16464
  • 160.75.95.109:16464
  • 164.8.95.6:16464
  • 176.123.249.19:16464
  • 179.209.194.75:16464
  • 180.235.176.90:16464
  • 180.94.92.82:16464
  • 181.177.210.16:16464
  • 182.189.49.214:16464
  • 186.145.224.187:16464
  • 186.15.34.117:16464
  • 189.192.201.162:16464
  • 190.117.242.4:16464
  • 190.45.181.8:16464
  • 194.165.17.4:53
  • 201.211.166.65:16464
  • 203.171.229.185:16464
  • 210.232.16.243:16464
  • 213.96.11.92:16464
  • 218.186.84.45:16464
  • 24.135.18.76:16464
  • 24.206.12.72:16464
  • 37.123.198.139:16464
  • 37.238.118.22:16464
  • 37.45.45.120:16464
  • 41.190.167.33:16464
  • 46.210.229.100:16464
  • 46.241.164.37:16464
  • 49.125.248.145:16464
  • 5.13.97.144:16464
  • 62.152.13.9:16464
  • 70.189.42.222:16464
  • 77.105.193.55:16464
  • 77.71.182.31:16464
  • 78.157.66.153:16464
  • 79.103.75.47:16464
  • 79.184.186.14:16464
  • 8.8.8.8:53
  • 82.211.185.55:16464
  • 82.231.248.239:16464
  • 85.187.232.164:16464
  • 86.44.146.231:16464
  • 87.110.11.138:16464
  • 89.134.129.150:16464
  • 89.177.110.60:16464
  • 90.130.40.239:16464
  • 94.208.243.36:16464
  • 94.253.233.175:16464
  • 95.138.218.185:16464
  • 95.244.159.199:16464
  • 95.59.39.125:16464
  • 95.90.215.45:16464
  • 95.95.128.178:16464
DNS Requests
  • j.maxmind.com

Example 2

File Information

Size
286K
SHA-1
09ebcd57db716479922f76f03220692a5105025c
MD5
47e1564761716553ac340a97a28fd659
CRC-32
bc5a9ba6
File type
Windows executable
First seen
2013-09-10

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Google Update
    "c:\Documents and Settings\test user\Local Settings\Application Data\Google\Desktop\Install\{8b2e7cc0-3175-028b-9a2b-805595885191}\???\???\???\{8b2e7cc0-3175-028b-9a2b-805595885191}\GoogleUpdate.exe" >
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
  • 1.44.31.55:16464
  • 103.20.133.70:16464
  • 109.107.103.83:16464
  • 110.134.145.138:16464
  • 112.209.92.149:16464
  • 114.109.131.81:16464
  • 115.135.204.109:16464
  • 118.165.211.132:16464
  • 118.47.82.240:16464
  • 119.237.53.217:16464
  • 151.239.233.56:16464
  • 158.181.244.189:16464
  • 177.192.10.220:16464
  • 178.168.35.229:16464
  • 178.89.124.136:16464
  • 180.148.46.171:16464
  • 180.235.180.76:16464
  • 181.135.134.76:16464
  • 182.149.103.199:16464
  • 186.15.147.234:16464
  • 186.51.225.80:16464
  • 186.69.141.160:16464
  • 188.194.214.128:16464
  • 188.23.237.42:16464
  • 189.198.68.122:16464
  • 190.205.229.204:16464
  • 190.211.232.28:16464
  • 190.42.50.19:16464
  • 190.48.95.101:16464
  • 190.53.88.40:16464
  • 194.165.17.4:53
  • 197.6.58.36:16464
  • 201.214.201.128:16464
  • 212.52.62.241:16464
  • 222.165.5.94:16464
  • 27.3.38.103:16464
  • 31.147.118.162:16464
  • 31.192.54.115:16464
  • 36.88.13.219:16464
  • 37.215.76.207:16464
  • 37.236.122.35:16464
  • 37.61.46.198:16464
  • 41.202.108.222:16464
  • 41.98.134.89:16464
  • 46.108.111.212:16464
  • 46.149.34.107:16464
  • 46.162.240.210:16464
  • 46.251.20.80:16464
  • 5.103.59.5:16464
  • 62.12.85.206:16464
  • 62.21.64.13:16464
  • 63.245.42.249:16464
  • 67.55.242.130:16464
  • 77.54.16.15:16464
  • 78.155.34.61:16464
  • 78.84.243.235:16464
  • 79.126.132.83:16464
  • 79.176.38.61:16464
  • 8.8.8.8:53
  • 80.72.52.106:16464
  • 81.94.165.106:16464
  • 82.128.195.243:16464
  • 82.56.124.149:16464
  • 84.193.23.212:16464
  • 85.72.92.23:16464
  • 87.102.216.7:16464
  • 87.198.113.65:16464
  • 88.179.198.113:16464
  • 89.146.89.41:16464
  • 89.173.219.154:16464
  • 89.212.98.26:16464
  • 90.191.166.37:16464
  • 91.148.127.52:16464
  • 92.239.219.210:16464
  • 92.240.184.103:16464
  • 93.155.184.106:16464
  • 94.100.17.183:16464
  • 94.203.7.162:16464
  • 94.54.216.78:16464
DNS Requests
  • j.maxmind.com

Example 3

File Information

Size
282K
SHA-1
12735af3f87d21e5b8250f21ef4b1a5caf825871
MD5
b656811cfbcced6a1ca865a14d358965
CRC-32
f647476d
File type
Windows executable
First seen
2013-09-10

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Google Update
    "c:\Documents and Settings\test user\Local Settings\Application Data\Google\Desktop\Install\{8b2e7cc0-3175-028b-9a2b-805595885191}\???\???\???\{8b2e7cc0-3175-028b-9a2b-805595885191}\GoogleUpdate.exe" >
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    DeleteFlag
    0x00000001
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    ErrorControl
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum
    NextInstance
    0x00000000
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
  • 105.226.252.19:16464
  • 109.162.38.106:16464
  • 109.185.105.16:16464
  • 112.209.94.132:16464
  • 113.22.241.177:16464
  • 114.24.113.181:16464
  • 115.252.222.251:16464
  • 119.157.183.168:16464
  • 119.237.55.76:16464
  • 123.231.82.134:16464
  • 125.161.132.13:16464
  • 175.201.34.48:16464
  • 176.123.249.128:16464
  • 176.215.159.59:16464
  • 178.89.112.116:16464
  • 179.30.19.211:16464
  • 180.74.40.22:16464
  • 186.176.60.8:16464
  • 186.32.93.227:16464
  • 188.248.83.38:16464
  • 188.29.47.19:16464
  • 189.192.125.162:16464
  • 190.206.161.248:16464
  • 190.218.66.165:16464
  • 190.252.196.242:16464
  • 194.165.17.4:53
  • 197.206.123.139:16464
  • 2.188.104.235:16464
  • 2.193.198.60:16464
  • 202.137.155.222:16464
  • 212.59.228.118:16464
  • 213.16.151.88:16464
  • 217.211.125.220:16464
  • 24.157.24.113:16464
  • 27.127.64.243:16464
  • 31.140.103.193:16464
  • 37.244.186.142:16464
  • 41.182.190.214:16464
  • 41.71.206.140:16464
  • 46.49.86.240:16464
  • 58.11.249.139:16464
  • 59.189.108.30:16464
  • 77.125.113.79:16464
  • 78.102.52.148:16464
  • 78.251.203.139:16464
  • 78.52.146.245:16464
  • 78.56.248.200:16464
  • 78.84.134.191:16464
  • 8.8.8.8:53
  • 80.99.99.103:16464
  • 84.104.24.78:16464
  • 84.120.144.116:16464
  • 86.125.167.117:16464
  • 86.44.146.214:16464
  • 91.133.48.109:16464
  • 92.37.82.50:16464
  • 95.138.218.185:16464
  • 95.85.187.28:16464
  • 95.95.131.35:16464
  • 98.201.191.139:16464
DNS Requests
  • j.maxmind.com
