Troj/Zbot-DKC exhibits the following characteristics:
File Information
- Size: 94K
- SHA-1: 568877f314e30823e5a647f0dcba9541808f2c3f
- MD5: 9a859d19fce6f762d2886d8e88d119d7
- CRC-32: 2c7c8731
- File type: application/x-ms-dos-executable
- First seen: 2012-12-29
Runtime Analysis
Copies Itself To
- C:\Documents and Settings\All Users\Application Data\pcdfdata\test_item.exe
Dropped Files
- C:\Documents and Settings\All Users\Application Data\pcdfdata\app.ico
  - Size: 5.4K
  - SHA-1: 540c4ebf6f046d24ffa08dfa702ac10737b87729
  - MD5: b8e72a9efb6c21e5fbc3325613840d53
  - CRC-32: d8bc596c
  - File type: Unspecified binary - probably data
  - First seen: 2012-10-10
- C:\Documents and Settings\All Users\Desktop\XP Defender.lnk
  - Size: 1.9K
  - SHA-1: 809674c7c1d1a5db3b92674ee45af7dc6b6d4465
  - MD5: 3a9e39476e91e02c8e35904e7b1d1d5c
  - CRC-32: ab6ca925
  - File type: Windows Shortcut file (.LNK)
  - First seen: 2012-12-29
- C:\Documents and Settings\All Users\Start Menu\Programs\XP Defender\XP Defender Help and Support.lnk
  - Size: 2.0K
  - SHA-1: e43b47c1e404dcbe5fa780ef31cb8cb2f4df46b3
  - MD5: 6e183bcda688f99cd8a4fd6679b76abe
  - CRC-32: ecdbd8ec
  - File type: Windows Shortcut file (.LNK)
  - First seen: 2012-12-29
- C:\Documents and Settings\All Users\Application Data\pcdfdata\support.ico
  - Size: 5.4K
  - SHA-1: 3591902ad791749bc41b6b9b88b1404133a40a24
  - MD5: b7ffd811a9e7ba588fdd6afa04cc1f45
  - CRC-32: 5d8cc29a
  - File type: Unspecified binary - probably data
  - First seen: 2012-10-10
- C:\Documents and Settings\All Users\Start Menu\Programs\XP Defender\XP Defender.lnk
  - Size: 1.9K
  - SHA-1: 53f8daff9a8125df485a41e090890576c13a6ac8
  - MD5: 165c59a27c6547f2bf3e420f3a35d4d6
  - CRC-32: 16196d3e
  - File type: Windows Shortcut file (.LNK)
  - First seen: 2012-12-29
- C:\Documents and Settings\All Users\Application Data\pcdfdata\vl.bin
  - Size: 1.2M
  - SHA-1: ea1414c87abbc85aab1f043f496dfc503dd34e3d
  - MD5: 00f30f3a5e7f3b2ef073e7b7b4e93195
  - CRC-32: 03517131
  - File type: Unspecified binary - probably data
  - First seen: 2012-12-29
- C:\Documents and Settings\All Users\Start Menu\Programs\XP Defender\Remove XP Defender.lnk
  - Size: 2.0K
  - SHA-1: 9ebcfcb6a0790843dfe5ae76e2d42ec924eefcf9
  - MD5: bc40d915240f20a5bcd36df496b1cc3a
  - CRC-32: 466465af
  - File type: Windows Shortcut file (.LNK)
  - First seen: 2012-12-29
- C:\Documents and Settings\All Users\Application Data\pcdfdata\uninst.ico
  - Size: 5.4K
  - SHA-1: 0f26f26d2164702f8c01fa166f81ed016a1ebaad
  - MD5: b91f284af1cc7ba0c8e4c039b3d6fbdc
  - CRC-32: b6238442
  - File type: Unspecified binary - probably data
  - First seen: 2012-10-10
- C:\Documents and Settings\All Users\Application Data\pcdfdata\defs.bin
  - Size: 475K
  - SHA-1: 8b6766c77685fea980971e1be5bc757a99447059
  - MD5: 53b5ecb075d1d0c144a4632692facbbb
  - CRC-32: df2fc990
  - File type: Unspecified binary - probably data
  - First seen: 2012-12-29
Registry Keys Created
- HKCU_Classes\.exe\shell\runas\command
  - IsolatedCommand: "%1" %*
- HKCU\Software\Classes\.exe\DefaultIcon
  - (Default): %1
- HKCU_Classes\.exe
  - Content Type: ap□□l□□c□□t□□o□□/□□-□□
- HKCU\Software\Classes\.exe\shell\open\command
  - IsolatedCommand: "%1" %*
- HKCU_Classes\.exe\shell\open\command
  - IsolatedCommand: "%1" %*
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcdfdata
  - DisplayIcon: C:\Documents and Settings\All Users\Application Data\pcdfdata\test_item.exe,0
- HKCU\Software\Classes\.exe
  - Content Type: ap□□l□□c□□t□□o□□/□□-□□
- HKCU\Software\Classes\.exe\shell\runas\command
  - IsolatedCommand: "%1" %*
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - pcdfsvc: C:\Documents and Settings\All Users\Application Data\pcdfdata\test_item.exe /min
- HKCU_Classes\.exe\DefaultIcon
  - (Default): %1
HTTP Requests
- http://shredtends.info/api/ping
- http://shredtends.info/api/test
- http://shredtends.info/content/sccx
- http://shredtends.info/html/viruslist/
- http://shredtends.info/load/
DNS Requests