Troj/Zbot-DHN

Category:	Viruses and Spyware	Protection available since:	18 Dec 2012 20:21:23 (GMT)
Type:	Trojan	Last Updated:	07 Jan 2013 23:55:15 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Zbot-DHN include:

Example 1

File Information

Size: 360K
SHA-1: 0014eff1d0f9be36172b7aa4dd0c280614a6f522
MD5: 23a14c2ee72819a96bf057bcc910c991
CRC-32: 86bea982
File type: Windows executable
First seen: 2012-11-27

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Application Data\Naguev\ehak.exe
Size
360K
SHA-1
617445e12f0064cbace7b77928f89ac382893fea
MD5
4f95339a6ea2c32bfaac6513f2e31c34
CRC-32
e3def44c
File type
Windows executable
First seen
2012-11-27
c:\Documents and Settings\test user\Local Settings\Application Data\reol.xoo
Size
477
SHA-1
827fff0d01710a9c419f622f454092937b56f063
MD5
ac417af24e0d1754c42523d7edb59620
CRC-32
4c442295
File type
Unspecified binary - probably data
First seen
2012-11-27

Registry Keys Created

HKCU\Identities
Identity Login
0x00098053
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}
"c:\Documents and Settings\test user\Application Data\Naguev\ehak.exe"
HKCU\Software\Microsoft\Rios
1gjjg90e
KO□PD□PJ□□c□□O□□R□□W□□U□

Processes Created

c:\Documents and Settings\test user\application data\naguev\ehak.exe

IP Connections

108.82.169.160:20007
125.236.132.12:10505
178.25.2.100:29604
184.184.247.60:23089
193.120.96.207:22034
66.177.139.151:20904
70.138.242.12:13308
72.24.69.88:17132
74.0.6.213:13905
86.173.49.51:13901
99.103.223.24:13874
99.126.22.157:18029

Example 2

File Information

Size: 453K
SHA-1: 002f68ed3b6643e7953f0e9e5fd7a71a4e6e1777
MD5: 6b8bc605edad49b1baba2341b51166ba
CRC-32: 3835c554
File type: Windows executable
First seen: 2012-08-30

Example 3

File Information

Size: 315K
SHA-1: 003f3db7b2b96a8c0b7f37c8c0cd2f46421ab7cd
MD5: 272a7c8e1f7fb26b17d00e2295d2d8cf
CRC-32: df948667
File type: Windows executable
First seen: 2012-05-28

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Application Data\Zavy\ohzue.exe
Size
315K
SHA-1
235c4626d6558267ae759a463c2efc9aeafdccc8
MD5
c8b7d34ef9ed8912737445e40384b821
CRC-32
47816642
File type
Windows executable
First seen
2012-05-28

Processes Created

c:\windows\system32\cmd.exe

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Zbot-DHN

Example 1

File Information

Runtime Analysis

Dropped Files

Registry Keys Created

Processes Created

IP Connections

Example 2

File Information

Example 3

File Information

Runtime Analysis

Dropped Files

Processes Created

Free Mac Anti-Virus

Popular topics