Troj/Zaccess-HS

Category: Viruses and Spyware
Protection available since: 26 Jan 2013 21:00:37 (GMT)
Type: Trojan
Last Updated: 26 Jan 2013 21:00:37 (GMT)
Prevalence: Small Number of Reports

Troj/Zaccess-HS exhibits the following characteristics:

File Information

Size: 177K
SHA-1: c6e3bc966859d63697f36aad1f6454d1dcd1c028
MD5: 4157499241515793d62c5c750138a13f
CRC-32: 4d62f012
File type: Windows executable
First seen: 2013-01-26

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
  • HKCU_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
Registry Keys Modified
  • HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-18\$8b2e7cc03175028b9a2b805595885191\n.
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
DNS Requests
  • j.maxmind.com
