Examples of Troj/Zbot-AOY include:
Example 1
File Information
- Size: 160K
- SHA-1: 6c161ff57ca23f5b0065fe2aff4543841d7dfa5f
- MD5: 81d891dbff59a0dc237e1e7e3fe5f85c
- CRC-32: d71e263c
- File type: application/x-ms-dos-executable
- First seen: 2011-04-16
Example 2
File Information
- Size: 160K
- SHA-1: 71b7f9740af360b38a209419664208f95082db14
- MD5: 68425df0c260d7b4338728e426f30570
- CRC-32: 5986aa93
- File type: application/x-ms-dos-executable
- First seen: 2011-04-16
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Simoxi\geola.tmp
  - Size: 1.7K
  - SHA-1: cac6867d489f46afbaf6498cfbd2d7ae38a03d05
  - MD5: a2b94b9bfaa7e4bac7d3d59e855a807d
  - CRC-32: c6922b6d
  - File type: application/octet-stream
  - First seen: 2011-04-16
- c:\Documents and Settings\test user\Application Data\Edlau\utzin.exe
  - Size: 160K
  - SHA-1: 39d06809f099bffe907109191844f92a50ca896b
  - MD5: 36e38e3d5896daeab68f53c6860370a8
  - CRC-32: ba6d153e
  - File type: application/x-ms-dos-executable
  - First seen: 2011-04-16
Registry Keys Created
- HKCU\Software\Microsoft\Internet Explorer\Privacy
  - CleanCookies: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - {01D2DB36-5993-F011-04EA-B1B0D0D623D1}: "c:\Documents and Settings\test user\Application Data\Edlau\utzin.exe"
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609: 0x00000000
Processes Created
- c:\documents and settings\support\application data\edlau\utzin.exe
- c:\windows\system32\cmd.exe
HTTP Requests
- http://deimingames.com/update/db
DNS Requests