Troj/Zbot-CSI

Category: Viruses and Spyware
Protection available since: 07 Oct 2012 19:15:40 (GMT)
Type: Trojan
Last Updated: 07 Oct 2012 19:15:40 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-CSI exhibits the following characteristics:

File Information

Size: 373K
SHA-1: 101619c945a9de50cfe2f9adebb981b69c74d4ca
MD5: 36ad9f8c2c3de263b934b8251ec24799
CRC-32: 91712ec3
File type: Windows executable
First seen: 2012-10-07

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Nyhyuq\habuw.exe
    Size: 373K
    SHA-1: a4ab2de40619c4f0ec730005a69907d6a9ddac35
    MD5: b6f9cfb525e45c0e4992031c048c6b3e
    CRC-32: 7b0597cc
    File type: Windows executable
    First seen: 2012-10-07
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {45EB64EB-848A-69EF-4C5B-7F78EFDEA869}
    "c:\Documents and Settings\test user\Application Data\Nyhyuq\habuw.exe"
  • HKCU\Software\Microsoft\Inyh
    Ecnyet
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\nyhyuq\habuw.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://dedeniscompany.cu.cc/ventures/server/config.bin
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • dedeniscompany.cu.cc
  • www.google.bg
  • www.google.com
