Troj/Zbot-DEW exhibits the following characteristics:
File Information
- Size: 159K
- SHA-1: f6e7986daef158f4e4a13f8f3f14b7d6016777cd
- MD5: 3dfd0f3d9be633e19aff2fc56cc5bebc
- CRC-32: ddee1cb2
- File type: Windows executable
- First seen: 2012-12-05
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Pyohva\ziysh.exe
  - Size: 159K
  - SHA-1: a7a881506374cd4c637615113e456c15bb0881a9
  - MD5: a031905e0c586c08b14ccde2d73f5c93
  - CRC-32: d3d960e2
  - File type: Windows executable
  - First seen: 2012-12-06
Registry Keys Created
- HKCU\Software\Microsoft\Oryvle
  - Huokku
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - ziysh.exe: "c:\Documents and Settings\test user\Application Data\Pyohva\ziysh.exe"
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1A10: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 1A10: 0x00000000
Processes Created
- c:\Documents and Settings\test user\application data\pyohva\ziysh.exe
- c:\windows\system32\cmd.exe
DNS Requests