Examples of Troj/Zbot-DCQ include:
Example 1
File Information
- Size
- 360K
- SHA-1
- 146ace62736f88c5160d2fc1efa86f3050ce8cfc
- MD5
- 955def11393f7e7509c02229e6eef61f
- CRC-32
- f20967b0
- File type
- Windows executable
- First seen
- 2012-12-02
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Bapi\uqfoe.exe
- Size
- 360K
- SHA-1
- e22f822172f891fccbbb1cd529bec4e3dc6d20d2
- MD5
- 6454f0300973caad49b5e634b8b8dc71
- CRC-32
- 8efa3d9e
- File type
- Windows executable
- First seen
- 2012-12-05
Processes Created
- c:\windows\system32\cmd.exe
Example 2
File Information
- Size
- 360K
- SHA-1
- 4951d124157d8881170235c74f4101b06d52515c
- MD5
- 146607430cd91303113010532421b609
- CRC-32
- 921a0f6d
- File type
- Windows executable
- First seen
- 2007-07-08
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Unalm\xogahi.exe
- Size
- 360K
- SHA-1
- 17141b7b076769d10529ddf5143fef31b89f117b
- MD5
- 25a163ed88b191ad164596ec31ee3f2d
- CRC-32
- 7a5d9fa6
- File type
- Windows executable
- First seen
- 2012-12-05
- c:\Documents and Settings\test user\Local Settings\Application Data\zuxehi.jiu
- Size
- 477
- SHA-1
- 65abcbeb5cc269fc9c49809a6726b1082e499155
- MD5
- 24f9e2d143cb0d74d67ac2c6045cac96
- CRC-32
- e7be6111
- File type
- Unspecified binary - probably data
- First seen
- 2012-12-05
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}
- "c:\Documents and Settings\test user\Application Data\Unalm\xogahi.exe"
- HKCU\Identities
- Identity Login
- 0x00098053
- HKCU\Software\Microsoft\Goty
- h4i4iih
- dR□0Y□ b□□M□`N□□N□□7□pD□
Processes Created
- c:\Documents and Settings\test user\application data\unalm\xogahi.exe
- c:\windows\system32\cmd.exe
IP Connections
Example 3
File Information
- Size
- 360K
- SHA-1
- 4fbdb09db418685624c3e9c7ad8988b1c0a086ed
- MD5
- 354627dccba815501de74fd3eae9fb9e
- CRC-32
- 3d6cd3f8
- File type
- Windows executable
- First seen
- 2012-11-27
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Application Data\ojyc.myf
- Size
- 477
- SHA-1
- 67191ba2d7f1cf45660b8879361befd0fe32fec5
- MD5
- 2f676bc83b477b111488e3b612afef0c
- CRC-32
- 53c42142
- File type
- Unspecified binary - probably data
- First seen
- 2012-11-27
- c:\Documents and Settings\test user\Application Data\Exoxef\weuxot.exe
- Size
- 360K
- SHA-1
- d6b7b98bf1ed5b041e191639f1614c76864969c6
- MD5
- 87f6c162a70ce985ea2f372c0547bff9
- CRC-32
- e8a7333c
- File type
- Windows executable
- First seen
- 2012-11-27
Registry Keys Created
- HKCU\Identities
- Identity Login
- 0x00098053
- HKCU\Software\Microsoft\Timey
- 1ef72281
- uP□ I□□X□□s□□9□p9□@w□□c□
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}
- "c:\Documents and Settings\test user\Application Data\Exoxef\weuxot.exe"
Processes Created
- c:\Documents and Settings\test user\application data\exoxef\weuxot.exe
- c:\windows\system32\cmd.exe
IP Connections