Troj/Zbot-DMG

Category:	Viruses and Spyware	Protection available since:	09 Jan 2013 06:42:20 (GMT)
Type:	Trojan	Last Updated:	09 Jan 2013 06:42:20 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Zbot-DMG include:

Example 1

File Information

File type: Windows executable

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Application Data\Isun\yhav.kae
Size
477
SHA-1
96785c1d060fe0218d8d37e4c09502f59d794e29
MD5
d27b38cbbb029e86f682074755b3565c
CRC-32
6c467e28
File type
Unspecified binary - probably data
First seen
2013-01-09
c:\Documents and Settings\test user\Application Data\Nacyiz\duova.exe
Size
549K
SHA-1
92aebd99d13b6254298802aeff6cd702918afec5
MD5
27179a8f5d73f37c86c811e628645804
CRC-32
a851601d
File type
Windows executable
First seen
2013-01-09
c:\Documents and Settings\test user\Application Data\Isun\yhav.tmp
Size
563
SHA-1
cbdc61d41b2a881e8310d5f4c8de5bc3d8baddd4
MD5
3c4824e04920657a03d1fae7f0ada952
CRC-32
64beeb85
File type
Unspecified binary - probably data
First seen
2013-01-09

Modified Files

%PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
%PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
%PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx

Registry Keys Created

HKCU\Software\Microsoft\Piutg
Bazeuno
}□□ □□□□□□□□`k□Py□□□□□□□□/□□@□ □□□z□ D□□□□□&□ □□□<□□□□□R□p□□□□□□□□□□□@□□□□□□]□□□□□□□@s□□□□□□□p□□@k□□□□P□□`E□□D□□|□□□□□□□□□□□M□□□□@k□`□□□Q□□□□@#□□□□□v□□I□@p□□□□`□□□□□□□□□□□□□
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{FC4CAE76-26E9-5634-2129-729F76BC6121}
"c:\Documents and Settings\test user\Application Data\Nacyiz\duova.exe"
HKCU\Identities
Identity Login
0x00098053
HKCU\Software\Microsoft\Internet Explorer\Privacy
CleanCookies
0x00000000

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1609
0x00000000
HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
Compact Check Count
0x00000008
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
TimeStamp
20 6c b9 d2 1a ee cd 01

Processes Created

c:\Documents and Settings\test user\application data\nacyiz\duova.exe
c:\windows\system32\cmd.exe

HTTP Requests

http://cqbx.org/slat/config.bin

DNS Requests

cqbx.org

Example 2

File Information

Size: 549K
SHA-1: 92aebd99d13b6254298802aeff6cd702918afec5
MD5: 27179a8f5d73f37c86c811e628645804
CRC-32: a851601d
File type: Windows executable
First seen: 2013-01-09

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Zbot-DMG

Example 1

File Information

Runtime Analysis

Dropped Files

Modified Files

Registry Keys Created

Registry Keys Modified

Processes Created

HTTP Requests

DNS Requests

Example 2

File Information

Free Mac Anti-Virus

Popular topics