Troj/Zbot-DQQ

Category: Viruses and Spyware
Protection available since: 22 Jan 2013 04:47:49 (GMT)
Type: Trojan
Last Updated: 22 Jan 2013 04:47:49 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-DQQ exhibits the following characteristics:

File Information

Size: 233K
SHA-1: 79684d567e4dd0ed4a7c2a02609190e637fdc0b1
MD5: c38addc3c9c194c24e88809d0a8a39a0
CRC-32: 76c1e2e4
File type: Windows executable
First seen: 2013-01-22

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Beam\yfun.yqo
  • c:\Documents and Settings\test user\Application Data\Vualc\eqega.exe
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {D589C9C7-DDDC-6D6A-5B45-9AC8F8BCC2A8}
    "c:\Documents and Settings\test user\Application Data\Vualc\eqega.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Atok
    Ziaszody
    (binary data)
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    38 e1 e4 7e 3d f8 cd 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\vualc\eqega.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://riggersinternational.co.in/alpha/config.bin
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • riggersinternational.co.in
  • www.google.bg
  • www.google.com
