Troj/Zbot-DEV

Category: Viruses and Spyware
Type: Trojan
Protection available since: 07 Dec 2012 07:22:58 (GMT)
Last Updated: 07 Dec 2012 07:22:58 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-DEV exhibits the following characteristics:

File Information

Size: 137K
SHA-1: 5e1aefca997862441f43eea6f7fb73ebb2e9bea4
MD5: 83ce749ff49e72fd980d610d98c2f1b0
CRC-32: 33ce7af3
File type: Windows executable
First seen: 2012-12-06

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Uvac\efehroo.exe
    Size: 137K
    SHA-1: dd4ae00a78ddf5318988bef2bf7cbb33670f300c
    MD5: fafb8846e42525efc09f2ec431157efa
    CRC-32: 720139be
    File type: Windows executable
    First seen: 2012-12-06
  • c:\Documents and Settings\test user\Application Data\Siicawc\uwvyyn.yxo
    Size: 477
    SHA-1: 53e6e3e56a9a25a621ed4d9c5bd78205a1f83c11
    MD5: 240f2c25be49e6d1be8b76ffccbabcc3
    CRC-32: d9ecfd6b
    File type: Unspecified binary - probably data
    First seen: 2012-12-06
  • c:\Documents and Settings\test user\Application Data\Siicawc\uwvyyn.tmp
    Size: 315
    SHA-1: d2ed6a22b71f0d2f836324536ae13c409f4a84c6
    MD5: 1d1ae9b7266d6cadadf8fa60855aebf3
    CRC-32: cbc8dcba
    File type: Unspecified binary - probably data
    First seen: 2012-12-06
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Baxeuc
    Vafeyrtiu
    (binary data; value contents not reproducible in text)
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {02EDDFB5-5B21-2F70-6738-90E65E5665A1}
    "c:\Documents and Settings\test user\Application Data\Uvac\efehroo.exe"
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
Registry Keys Modified
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000007
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    fa 87 04 1e 03 d4 cd 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\uvac\efehroo.exe
DNS Requests
  • iffofef9fkfoefowfowk.com