Troj/Zbot-DQX

Category: Viruses and Spyware
Type: Trojan
Protection available since: 22 Jan 2013 10:55:30 (GMT)
Last Updated: 22 Jan 2013 10:55:30 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-DQX exhibits the following characteristics:

File Information

Size: 409K
SHA-1: 77b4b863373579733ee9fa2f2d03dcd62ffe379f
MD5: aba1bdd6b2b0a45dc344e39977240219
CRC-32: 4fec846d
File type: Windows executable
First seen: 2013-01-22

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Azle\ivoxosr.exe
    Size: 409K
    SHA-1: 32c6033e5499c01a4692d2079eba57adff905fc4
    MD5: 904a33a8015ce6bd336ca34c12f392a5
    CRC-32: 9e961551
    File type: Windows executable
    First seen: 2013-01-22
  • c:\Documents and Settings\test user\Application Data\Cexaw\tekieku.mio
    Size: 477
    SHA-1: ee61912a6b4c291448c3ace8f1d054b871bb408b
    MD5: fd7bd2cb9707d1a598778da0b926d2a4
    CRC-32: fdde4a0e
    File type: Unspecified binary - probably data
    First seen: 2013-01-22
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Yloc
    Arob
    6\□ □□`,□`□□□□□□□□□□□p□□□x□□.□0□□`□□□-□□□□p□□p□□□□□`□□□T□□!□□□□0□□h□□x□□%□0□□□□□ Y□□□□□□□□□□□□□□□□P□□ !□□Z□□h□□□□PA□□□□`□□□□□□T□□□□□5□p□□`Y□□P□□□□□□□@T□□L□□□□@3□□□□□^□□□□□□□
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {FD61411B-E17C-225B-0E8B-B323D864978E}
    "c:\Documents and Settings\test user\Application Data\Azle\ivoxosr.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    44 db 78 96 68 f8 cd 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\azle\ivoxosr.exe
  • c:\windows\system32\cmd.exe
DNS Requests
  • world2012mne.com
