Troj/Zbot-DEC

Category: Viruses and Spyware
Protection available since: 05 Dec 2012 05:54:35 (GMT)
Type: Trojan
Last Updated: 05 Dec 2012 05:54:35 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-DEC exhibits the following characteristics:

File Information

Size: 304K
SHA-1: f070b1774c1d35b19561ff524af8df504ba6c996
MD5: b8171054bbe2905b2efaf685a2d0d291
CRC-32: 4f9759f1
File type: Windows executable
First seen: 2012-12-05

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Avocfo\uqur.exe
    Size: 304K
    SHA-1: 894b3cdbc07425a88de99b340465d7057118a75c
    MD5: 8a859b9ac255a14458ad4db8bbcfdf56
    CRC-32: dfc68602
    File type: Windows executable
    First seen: 2012-12-05
  • c:\Documents and Settings\test user\Application Data\Ifep\puax.uco
    Size: 477
    SHA-1: 7cc5475fed670e10657c1f289bea4e9f06e508e6
    MD5: a8b1134c9b2722ca82079b9ade173a75
    CRC-32: 9372e375
    File type: Unspecified binary - probably data
    First seen: 2012-12-05
  • C:\debug.txt
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {6DF6B4F3-38D7-464B-0174-FD56F27E0A0B}
    "c:\Documents and Settings\test user\Application Data\Avocfo\uqur.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Yqezq
    Ettoqu
    (binary data)
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    3a a5 5d a8 8c d2 cd 01
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000007
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\avocfo\uqur.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
  • http://www.schaakverenigingalmelo.nl/familie09/scha.bin
DNS Requests
  • www.google.bg
  • www.google.com
  • www.schaakverenigingalmelo.nl
