Troj/Zbot-CSC

Category: Viruses and Spyware
Protection available since: 06 Oct 2012 00:10:16 (GMT)
Type: Trojan
Last Updated: 06 Oct 2012 00:10:16 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Zbot-CSC include:

Example 1

File Information

Size
453K
SHA-1
1690b11280c07396c498e014f75e4102b1d4f8b9
MD5
46b28a2ed4447a596b9180d5d5854e5b
CRC-32
f2288809
File type
Windows executable
First seen
2012-10-05

Example 2

File Information

Size
453K
SHA-1
f348340cdc7af3730ae4fc1b2c9b5c30b3cbc047
MD5
2511fa2c093e57f4fc6b7e44aa086342
CRC-32
2317ed12
File type
Windows executable
First seen
2012-10-05

Runtime Analysis

Dropped Files
  • C:\debug.txt
  • c:\Documents and Settings\test user\Application Data\Mosuy\ugtu.kif
    Size
    477
    SHA-1
    89fe1707229e169141060759b9bc0f8ec96c6c76
    MD5
    5c739a27f0972314b562929c3a5d29e1
    CRC-32
    cfef4ba7
    File type
    Unspecified binary - probably data
    First seen
    2012-10-05
  • c:\Documents and Settings\test user\Application Data\Mosuy\ugtu.tmp
    Size
    315
    SHA-1
    0fad06316e6bd3ca13b92198cfe89ef89c5d0c6d
    MD5
    c86015ee28053309312067406da8ed10
    CRC-32
    da409d4e
    File type
    Unspecified binary - probably data
    First seen
    2012-10-05
  • c:\Documents and Settings\test user\Application Data\Samoi\adum.exe
    Size
    453K
    SHA-1
    1690b11280c07396c498e014f75e4102b1d4f8b9
    MD5
    46b28a2ed4447a596b9180d5d5854e5b
    CRC-32
    f2288809
    File type
    Windows executable
    First seen
    2012-10-05
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Anudc
    Ofmypu
    [binary data, not printable]
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {45EB64EB-848A-69EF-4C5B-7F78EFDEA869}
    "c:\Documents and Settings\test user\Application Data\Samoi\adum.exe"
Registry Keys Modified
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000007
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    5c d9 4d 38 1d a3 cd 01
Processes Created
  • c:\Documents and Settings\test user\application data\samoi\adum.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://sundayikejacompany.info/dede/server/config.bin
DNS Requests
  • sundayikejacompany.info
