Troj/ZBot-EZV

Category: Viruses and Spyware
Protection available since: 15 May 2013 11:57:32 (GMT)
Type: Trojan
Last Updated: 15 May 2013 11:57:32 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/ZBot-EZV include:

Example 1

File Information

Size: 319K
SHA-1: 5fd4fd1d5f00efb910f0e86fee2eef40a115a47e
MD5: 406b950d0b16cd32172cc3f2bec5afa6
CRC-32: b02f0e56
File type: Windows executable
First seen: 2013-05-14

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Gexowu\umpu.exe
    Size: 319K
    SHA-1: 80d277b8058e16cf55f16d1261a6570b1a4f3f8e
    MD5: 7d47c3e9c290db24aa50e59a2fc76578
    CRC-32: c649269f
    File type: Windows executable
    First seen: 2013-05-15
  • c:\Documents and Settings\test user\Local Settings\Application Data\pilabo.ogg
    Size: 477
    SHA-1: dc5dafa12cb9a56b002a3a477b0c6f847e27be9b
    MD5: d204a0224c5240fb53dc75b247861262
    CRC-32: 9d32035e
    File type: Unspecified binary - probably data
    First seen: 2013-05-15
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Sigeo
    19jd9aa6
    eP□ 3□□O□□Q□`t□pi□ r□`C□
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}
    "c:\Documents and Settings\test user\Application Data\Gexowu\umpu.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\gexowu\umpu.exe
  • c:\windows\system32\cmd.exe
IP Connections

Example 2

File Information

Size: 319K
SHA-1: 80d277b8058e16cf55f16d1261a6570b1a4f3f8e
MD5: 7d47c3e9c290db24aa50e59a2fc76578
CRC-32: c649269f
File type: Windows executable
First seen: 2013-05-15
