Troj/Zbot-DMF

Category:	Viruses and Spyware	Protection available since:	09 Jan 2013 06:42:20 (GMT)
Type:	Trojan	Last Updated:	09 Jan 2013 06:42:20 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Zbot-DMF include:

Example 1

File Information

Size: 313K
SHA-1: 3f76bd300565e9dfda521f45e818133e211df780
MD5: 5eb82f60ca4b768cffc8e89d96e2b6a9
CRC-32: c0817a04
File type: Windows executable
First seen: 2013-01-09

Example 2

File Information

Size: 313K
SHA-1: aa381c3b8a03efe4806df615581d8b47d4924a79
MD5: 9c91800e1edf8352c3ca85cb8dccf137
CRC-32: 5b690897
File type: Windows executable
First seen: 2013-01-06

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Application Data\Fyetky\ogdyi.exe
Size
313K
SHA-1
3f76bd300565e9dfda521f45e818133e211df780
MD5
5eb82f60ca4b768cffc8e89d96e2b6a9
CRC-32
c0817a04
File type
Windows executable
First seen
2013-01-09
c:\Documents and Settings\test user\Application Data\Geimh\peyfe.lui
Size
477
SHA-1
c9bfabb013b210a3de81157923fcc50e5b2b2f2b
MD5
97ff6d047bbaac456fdefa866ff0aa7b
CRC-32
473f3997
File type
Unspecified binary - probably data
First seen
2013-01-09
c:\Documents and Settings\test user\Application Data\Geimh\peyfe.tmp
Size
563
SHA-1
79390a496b8a36abe187a9d5fac6c19ef77fbd08
MD5
92163186c93973993c104ad694de01c0
CRC-32
043d9a16
File type
Unspecified binary - probably data
First seen
2013-01-09

Modified Files

%PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
%PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
%PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{972AB5A2-F13F-DAB0-630F-5C124CD2B1CC}
"c:\Documents and Settings\test user\Application Data\Fyetky\ogdyi.exe"
HKCU\Identities
Identity Login
0x00098053
HKCU\Software\Microsoft\Internet Explorer\Privacy
CleanCookies
0x00000000
HKCU\Software\Microsoft\Obweq
Isenqo
G□□0□□`;□□□□□t□@□□□`□□R□P□□0□□□□□@□□P%□□Q□P□□□□□p□□□@□□□□□□□ M□`□□□N□□F□p+□□□□□□□ □□□Q□□□□p□□□□□□l□□□□□□□□□□□□□□□□□□□□a□□□□□!□P□□□□□□@□□2□□□□□R□□□□@□□□W□□q□□□□□□□□0□@□□□□□□□□

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1609
0x00000000
HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
Compact Check Count
0x00000008
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
TimeStamp
6a 8d 9b df 1a ee cd 01

Processes Created

c:\Documents and Settings\test user\application data\fyetky\ogdyi.exe
c:\windows\system32\cmd.exe

HTTP Requests

http://simkorw.org/likes/config.bin

DNS Requests

simkorw.org

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Zbot-DMF

Example 1

File Information

Example 2

File Information

Runtime Analysis

Dropped Files

Modified Files

Registry Keys Created

Registry Keys Modified

Processes Created

HTTP Requests

DNS Requests

Free Mac Anti-Virus

Popular topics