Troj/Zbot-DQG exhibits the following characteristics:
File Information
- Size: 290K
- SHA-1: 0fffce5e96b81d0eca23f2903bdd79d66fabde19
- MD5: 7851da690999f477b91d79ddc77e6dbd
- CRC-32: 2755782d
- File type: Windows executable
- First seen: 2013-01-20
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Juupx\diek.exe
  - Size: 290K
  - SHA-1: fa1b1625cee0e7db92a7d945bd9ababe4d96d7b7
  - MD5: b1e32b44e6b9c91cd87aac10ce0233ae
  - CRC-32: 5852c4d0
  - File type: Windows executable
  - First seen: 2013-01-20
- c:\Documents and Settings\test user\Local Settings\Application Data\opytne.iwh
  - Size: 477
  - SHA-1: 13a863a57f5829fe9ebc35478dc4626df2226793
  - MD5: 92813e4865efdb2f2508bf7d5ecbc11c
  - CRC-32: 38c05904
  - File type: Unspecified binary - probably data
  - First seen: 2013-01-20
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}: "c:\Documents and Settings\test user\Application Data\Juupx\diek.exe"
- HKCU\Identities
  - Identity Login: 0x00098053
- HKCU\Software\Microsoft\Igreyd
  - 6b03fej
Processes Created
- c:\Documents and Settings\test user\application data\juupx\diek.exe
- c:\windows\system32\cmd.exe
IP Connections