Troj/Zbot-DQA

Category: Viruses and Spyware
Type: Trojan
Protection available since: 18 Jan 2013 23:45:29 (GMT)
Last Updated: 24 Jan 2013 23:57:39 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Zbot-DQA include:

Example 1

File Information

Size: 61K
SHA-1: 0577fb19b705cfc964f9958657f9adea5f34ebd6
MD5: 8325b57cc185f661c3cff37ab728dd57
CRC-32: c4518b45
File type: Windows executable
First seen: 2007-07-25

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\skype.dat
Dropped Files
  • c:\Documents and Settings\test user\Application Data\skype.ini
    Size: 4
    SHA-1: 6dc27681fc2d9660f5255fe00eaa5f1deb65d323
    MD5: 141d2555119eb32a50f41445a9341ce2
    CRC-32: 05ff983a
    File type: An ASCII/UTF-8 file with a very small filesize (too small to be malicious)
    First seen: 2012-11-28
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell = explorer.exe,c:\Documents and Settings\test user\Application Data\skype.dat
Processes Created
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://aacd.ru/ducalajutfofnoygfanqowgd-gtjgmv-ifjp-pmfv-ksyt-osmr-jlqtehjziqak-usra-bayh-mvnniosdlzzncgoybl-.php
  • http://cvbz.su/jzqr_pfxy-awrk-owpvkbqcnhousivtzjgsyhosyh-gxxiuu-prld-ezak-xxoh-pmgk-rurd-xxof_yjko_phrk_ihnovqgs.php
DNS Requests
  • aacd.ru
  • cvbz.su

Example 2

File Information

Size: 62K
SHA-1: 13d02856fcb0cbd44d150cdc632433892cf002fd
MD5: 9c90b4f628693bdeea5a748845c30189
CRC-32: 3966a685
File type: Windows executable
First seen: 2007-07-25

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\skype.dat
Dropped Files
  • c:\Documents and Settings\test user\Application Data\skype.ini
    Size: 4
    SHA-1: 9d3696a43b9f4c15dfbbdef9de2bd895c486d7f7
    MD5: 41532170d9cc008390e705311a4437a5
    CRC-32: f17df55f
    File type: A binary file with a very small filesize (too small to be malicious)
    First seen: 2012-08-06
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell = explorer.exe,c:\Documents and Settings\test user\Application Data\skype.dat
Processes Created
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://bkus.su/dknqzajpfc-gtdhxsysxy_rqdiqcrulaoscu-xyuksrptdhigxvixxj-phnn_quey-hcll-dumpeanevqjutwofgb-ty.php
  • http://tdlv.ru/ehatrz-prxt-gxty-ebpaybprnhmv-tedhejdgkfftpbriyndmcqlznnoetf-nfrz-cjrc_ihbwwpcafprkixzortri-.php
DNS Requests
  • bkus.su
  • tdlv.ru

Example 3

File Information

Size: 44K
SHA-1: 22dbc8d94e2b5d3d8adcd59ad8f755572c12c28f
MD5: d8b8239b5ac63b85e63547da287f6ecc
CRC-32: 4487329f
File type: Windows executable
First seen: 2013-01-18

Runtime Analysis

HTTP Requests
  • http://chetangiri.com/q.htm
  • http://interior-hits.net/r.htm
  • http://latviaexpo.com/f.htm
  • http://pila12.webd.pl/e.htm
  • http://s285363409.online.de/d.htm
  • http://seofuchs.de/y.htm
  • http://sorach.com/s.htm
  • http://workflow.trailblazerinfosoft.com/z.htm
DNS Requests
  • chetangiri.com
  • interior-hits.net
  • latviaexpo.com
  • pila12.webd.pl
  • s285363409.online.de
  • seofuchs.de
  • sorach.com
  • workflow.trailblazerinfosoft.com
