Troj/ZboAutIt-A

Category: Viruses and Spyware
Protection available since: 23 Aug 2013 16:46:35 (GMT)
Type: Trojan
Last Updated: 12 Feb 2014 19:37:48 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/ZboAutIt-A include:

Example 1

File Information

Size: 2.4M
SHA-1: 08a886716d5f9966f1a56a16e308cede48e13a7c
MD5: e03e77739d5dfd4d6a3a6512346b253a
CRC-32: 70e20027
File type: Windows executable
First seen: 2013-08-19

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\config.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\deepweb.txt
  • c:\Documents and Settings\test user\Application Data\dclogs\2013-08-20-3.dc
  • c:\Documents and Settings\test user\Local Settings\Temp\tmp0.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\tmp0.exe
DNS Requests
  • zombitabe.no-ip.biz

Example 2

File Information

Size: 1.1M
SHA-1: 0acfafbbfdbb298360eea6bff7423fd6b16bfee7
MD5: aeb0ee0cb7d3fbd8003281ade6378dfb
CRC-32: 69ea805d
File type: Windows executable
First seen: 2007-08-18

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\AdobeART.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\deepweb.txt
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      AdobeART = c:\Documents and Settings\test user\Application Data\AdobeART.exe
Processes Created
  • c:\Documents and Settings\test user\application data\adobeart.exe
IP Connections
  • 212.7.218.49:1742

Example 3

File Information

Size: 1.1M
SHA-1: 0cd7bb31f14dd23c138c06fbd0a2f889d11e2626
MD5: d1de2faab8ce1547b01e518d23182076
CRC-32: 2af6ce8e
File type: Windows executable
First seen: 2013-08-21

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\f.txt
  • C:\WINDOWS\148546796\winsys.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
      NoWindowsUpdate = 0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
      *148546796 = "C:\WINDOWS\148546796\winsys.exe"
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      *148546796 = "C:\WINDOWS\148546796\winsys.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
      NofolderOptions = 0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
      Hidden = 0x00000002
Processes Created
  • c:\docume~1\support\locals~1\temp\system
  • c:\windows\system32\cmd.exe
DNS Requests
  • irc.whhcd.info
