Troj/Zbot-DED

Category: Viruses and Spyware
Protection available since: 05 Dec 2012 08:20:24 (GMT)
Type: Trojan
Last Updated: 05 Dec 2012 08:20:24 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-DED exhibits the following characteristics:

File Information

Size: 324K
SHA-1: 8345da25846c8d73065b987968272714ca785cfb
MD5: 1af87ca8b6141d34ad5fdf85644edec3
CRC-32: ab568786
File type: Windows executable
First seen: 2012-12-05

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
    Size: 740
    SHA-1: 997dec02dccd7beb7f7cb8a9afc4a0d1f1ad0310
    MD5: 786edb549b2a6e7dbc95f53cac95d63a
    CRC-32: cbcf020c
    File type: Windows Shortcut file (.LNK)
    First seen: 2012-12-05
  • C:\Documents and Settings\All Users\Application Data\elpmas.pad
    Size: 91M
    SHA-1: 4a71d244f1aa68771945dc61f40798f2b12a5f83
    MD5: 9414b606ad4c27144c6e11ccf855854e
    CRC-32: 06be6c5b
    File type: Unspecified binary - probably data
    First seen: 2012-12-05
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
IP Connections
  • 146.185.255.219:443
  • 66.197.250.229:443
DNS Requests
  • whatwillber.com
