Examples of Troj/Zbot-DKB include:
Example 1
File Information
- Size: 278K
- SHA-1: 774ed6f61113484438365bac612ade3c52f28269
- MD5: 881c5a59f584adc7d95c2db7ff9ec3de
- CRC-32: a0e1235d
- File type: Windows executable
- First seen: 2012-12-22
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Noley\mulu.exe
  - Size: 278K
  - SHA-1: 7c12c3f5775aba96eea49fb16dfd3c165e3603c7
  - MD5: 77eb88941c64befa55b5cca4b0e2eb8d
  - CRC-32: e0e18f26
  - File type: application/x-ms-dos-executable
  - First seen: 2012-12-24
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - mulu.exe: "c:\Documents and Settings\test user\Application Data\Noley\mulu.exe"
- HKCU\Software\Microsoft\Tygaa
  - Tacyygewu
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1A10: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 1A10: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609: 0x00000000
Processes Created
- c:\Documents and Settings\test user\application data\noley\mulu.exe
DNS Requests
Example 2
File Information
- Size: 278K
- SHA-1: 7c12c3f5775aba96eea49fb16dfd3c165e3603c7
- MD5: 77eb88941c64befa55b5cca4b0e2eb8d
- CRC-32: e0e18f26
- File type: application/x-ms-dos-executable
- First seen: 2012-12-24