Troj/Zbot-DEY

Category: Viruses and Spyware
Protection available since: 07 Dec 2012 23:39:58 (GMT)
Type: Trojan
Last Updated: 07 Dec 2012 23:39:58 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-DEY exhibits the following characteristics:

File Information

Size: 306K
SHA-1: 39f05c7ea895dfed9bc95a890f308cbf730120fe
MD5: 4d6072fd5fa1422c2aff49734c622f70
CRC-32: 1f835364
File type: Windows executable
First seen: 2012-12-07

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\jioxev.urn
    Size: 477
    SHA-1: 6e80efec2cb7b4b545180f087ded3d6465d382fe
    MD5: 61beda92dfdfccb798a61961c337569b
    CRC-32: e3c32262
    File type: Unspecified binary - probably data
    First seen: 2012-12-07
  • c:\Documents and Settings\test user\Application Data\Ykun\opubvi.exe
    Size: 306K
    SHA-1: c969b2f05944c453653fb137ff08c46c2ec58197
    MD5: 50181ce1b08009b7725ff5ee023acee8
    CRC-32: d4dbd4ca
    File type: Windows executable
    First seen: 2012-12-07
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}
    "c:\Documents and Settings\test user\Application Data\Ykun\opubvi.exe"
  • HKCU\Software\Microsoft\Dioksa
    1ea3b6ed
    iw□ k□□3□□b□ps□0o□□3□0Z□
Processes Created
  • c:\Documents and Settings\test user\application data\ykun\opubvi.exe
IP Connections
