Troj/Zbot-DNM

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 12 Jan 2013 00:51:46 (GMT)
Last Updated: 12 Jan 2013 00:51:46 (GMT)


Troj/Zbot-DNM exhibits the following characteristics:

File Information

Size
158K
SHA-1
1301b81654e9ecf4872437e6085ab2d6d23f142f
MD5
bbba4ed2760a781f9cfeb733ec1808c8
CRC-32
cd34510d
File type
Windows executable
First seen
2013-01-11

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Wopo\dice.exe
    Size
    158K
    SHA-1
    ce70c9f34b8f9e4fac8b197a59bbbddcbc005f2e
    MD5
    53ea4009f5265b6eef786a57e1d73181
    CRC-32
    3a9a8728
    File type
    Windows executable
    First seen
    2013-01-11
  • c:\Documents and Settings\test user\Application Data\Roocpo\okuc.lyu
    Size
    563
    SHA-1
    e93cb28682eac03b8a429a5e0007dbaca7a7e75b
    MD5
    ee66f1a052e7e0f1c9a794bda0ba5ee2
    CRC-32
    ff524c40
    File type
    Unspecified binary - probably data
    First seen
    2013-01-11
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {B0D7199F-4B4C-B415-068B-387409BEB3BF}
    "c:\Documents and Settings\test user\Application Data\Wopo\dice.exe"
  • HKCU\Software\Microsoft\Luri
    Ciezpinu
    8e a3 10 cb 90 ba f9 99 f6 46 a8 13 7b 8c cf 71 da 89 cd f2 1f f0 ec 8e eb be ca 60 51 81 90 ae cb d2 32 97 47 0f 92 71 d5 34 c9 e6 67 7e e0 6c 6b 95 a3 17 7f 63 44 79 d0 38 92 d6 72 f0 2c 74 97 d0 96 4b d5 3b 49 57 aa 49 1c 0a f1 fb 44 ce 73 56 16 08 9c cc 4e 54 4a aa 34 3b c9 0d 00 56 0f ca 4a b6 ca 65 5d ad 9e 98 8a 3b 30 a7 7d f0 2d 91 28 99 43 44 90 84 ae ad fc ce e9 1b 70 b2 41 66 b2 31 ab bf c3 1e 07 ff f9 83 c0 da c7 59 d3 95 6f 88 ae 3a 85 b6 a8 e3 01 83 cb eb 66 35 90 33 60 fd 16 04 7b 4c b4 66 e3 09 58 14 82 b5 23 6a a4 61 36 fa b8 85 dc 01 23 ad 2f 8e 22 cc 73 a1 9a c3 6b 49 50 82 2a 12 b1 0d 4e 71 c4 ad 74 d6 52 1b 4d e6 45 10 24 28 a5 33 47 99 f5 f7 b0 5d 8b e5 d0 cf f8 90 4d 0f e4 7c e0 8d 04 44 f3 21 71 5c 71 f4 3e 8f 4b cb d6 3b 26 5c dc a4 [... 151134 intervening characters ...] 90 86 d0 c7 0d 2d c7 23 a1 d8 6e 69 88 14 7a 77 2c b8 a5 e7 7c d0 b3 c1 29 bd 54 26 3f a2 c2 8a 78 e0 5b 62 0d 13 29 91 f5 8d 76 5c 91 43 11 e3 5a 35 f2 70 d4 6d 33 20 b6 16 92 6f bb 9b fa fa
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\wopo\dice.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://bullion-profits.com/cgi_bin/config.bin
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • bullion-profits.com
  • www.google.bg
  • www.google.com
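The indicators above translate directly into hunting logic. The following Python is an added example, not code from the Sophos page: it checks exported host and network data for the three behaviours recorded in the runtime analysis, namely a GUID-named HKCU Run value that launches an executable from a random-looking Application Data subfolder, the "Display mixed content" URL action (value 1609) set to 0 across Internet Explorer security zones, and file hashes and URLs matching the listed IOCs. The hashes and the C2 domain are copied from the page; the function names and the sample host data are constructed for illustration and are not a real capture.

```python
import hashlib
import re
from urllib.parse import urlparse

# Hashes and domain copied from the Troj/Zbot-DNM write-up.
ZBOT_DNM_SHA1 = {
    "1301b81654e9ecf4872437e6085ab2d6d23f142f",  # original sample
    "ce70c9f34b8f9e4fac8b197a59bbbddcbc005f2e",  # dropped Wopo\dice.exe
    "e93cb28682eac03b8a429a5e0007dbaca7a7e75b",  # dropped Roocpo\okuc.lyu
}
ZBOT_DNM_DOMAINS = {"bullion-profits.com"}

# A Run value whose name is a bare GUID, as in {B0D7199F-...}.
_GUID_NAME = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Quoted or unquoted path to an .exe one folder below "Application Data".
_APPDATA_EXE = re.compile(r'\\application data\\[^\\"]+\\[^\\"]+\.exe"?$', re.I)


def suspicious_run_entries(run_values):
    """run_values: list of (value_name, value_data) from HKCU\\...\\Run.
    Return entries that match the Zbot persistence pattern."""
    return [(n, d) for n, d in run_values
            if _GUID_NAME.match(n) and _APPDATA_EXE.search(d)]


def zones_with_mixed_content_enabled(zone_values):
    """zone_values: {(zone_number, value_name): dword}.  Value 1609 is the
    'Display mixed content' URL action; 0 enables it without prompting."""
    return sorted(z for (z, v), d in zone_values.items() if v == "1609" and d == 0)


def hash_hits(files, sha1_set=ZBOT_DNM_SHA1):
    """files: {path: bytes}. Return paths whose SHA-1 is in sha1_set."""
    return sorted(p for p, b in files.items()
                  if hashlib.sha1(b).hexdigest() in sha1_set)


def suspicious_urls(urls, domains=ZBOT_DNM_DOMAINS):
    """Flag URLs to a listed C2 host or fetching a config.bin payload."""
    hits = []
    for u in urls:
        p = urlparse(u)
        if p.hostname in domains or p.path.lower().endswith("/config.bin"):
            hits.append(u)
    return hits


def assess(run_values, zone_values, files, urls):
    """Run all four checks and return the findings keyed by check name."""
    return {
        "run": suspicious_run_entries(run_values),
        "zones": zones_with_mixed_content_enabled(zone_values),
        "files": hash_hits(files),
        "urls": suspicious_urls(urls),
    }


# Constructed sample data (not a real capture) mirroring the page's findings.
SAMPLE_RUN = [
    ("ctfmon.exe", "C:\\WINDOWS\\system32\\ctfmon.exe"),
    ("{B0D7199F-4B4C-B415-068B-387409BEB3BF}",
     '"c:\\Documents and Settings\\test user\\Application Data\\Wopo\\dice.exe"'),
]
# Zone 3 (Internet) is left at its prompt setting, as on the page.
SAMPLE_ZONES = {(0, "1609"): 0, (1, "1609"): 0, (2, "1609"): 0,
                (3, "1609"): 1, (4, "1609"): 0}
SAMPLE_FILES = {
    "c:\\Documents and Settings\\test user\\Application Data\\Wopo\\dice.exe":
        b"constructed placeholder bytes, not the real sample",
}
SAMPLE_URLS = [
    "http://bullion-profits.com/cgi_bin/config.bin",
    "http://www.google.com/webhp",
]

if __name__ == "__main__":
    for check, findings in assess(SAMPLE_RUN, SAMPLE_ZONES,
                                  SAMPLE_FILES, SAMPLE_URLS).items():
        print(check, findings)
```

The hash check only catches this exact build; the placeholder bytes in the sample data deliberately do not match, which is what a real host with a repacked variant would look like. The Run-key and zone checks generalise across Zbot builds, which use different randomly generated folder and file names but keep the same persistence and Internet Settings changes.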
