Troj/Zbot-DGC

Category: Viruses and Spyware
Protection available since: 11 Dec 2012 19:58:47 (GMT)
Type: Trojan
Last Updated: 11 Dec 2012 19:58:47 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Zbot-DGC include:

Example 1

File Information

Size: 446K
SHA-1: 1159458ea6d369127a0a829b2f3282f4332d19ae
MD5: c44945fc4cc1e41b09a648f013199f2c
CRC-32: d9bce748
File type: application/x-ms-dos-executable
First seen: 2012-12-11

Example 2

File Information

Size: 446K
SHA-1: 723dd5430d96c97325455b4ebad5dd597ae610c4
MD5: 3a95342f16245920b57992ca5ebc58cb
CRC-32: 40868639
File type: Windows executable
First seen: 2012-12-11

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\alyqi.ymt
    Size: 477
    SHA-1: 7a3433f9e2c0c3402f7de7b5587afb5bb65bb043
    MD5: a82b6bc4589d66cb2cf5df01a0091815
    CRC-32: dbc1c34d
    File type: application/octet-stream
    First seen: 2012-12-11
  • c:\Documents and Settings\test user\Application Data\Gonou\aqih.exe
    Size: 446K
    SHA-1: 1159458ea6d369127a0a829b2f3282f4332d19ae
    MD5: c44945fc4cc1e41b09a648f013199f2c
    CRC-32: d9bce748
    File type: application/x-ms-dos-executable
    First seen: 2012-12-11
Registry Keys Created
  • HKCU\Software\Microsoft\Iweq
    2j2bhgb0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}
    "c:\Documents and Settings\test user\Application Data\Gonou\aqih.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
Processes Created
  • c:\Documents and Settings\test user\application data\gonou\aqih.exe
  • c:\windows\system32\cmd.exe
IP Connections
