Troj/Zbot-DSJ exhibits the following characteristics:
File Information
- Size
- 412K
- SHA-1
- f4a1ec563d1d8732bfa7a13e96d7f72c273c56ef
- MD5
- ea8ac3d20ca0cc289d2f69209684b0f0
- CRC-32
- c386241c
- File type
- Windows executable
- First seen
- 2013-01-26
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Ydys\yhigxo.tmp
- Size
- 563
- SHA-1
- 83e32a49b2bd2462b48755c482ee39614838af3e
- MD5
- 434c1eadae6d5e82fa01d081cb7cd971
- CRC-32
- 07dcf821
- File type
- Unspecified binary - probably data
- First seen
- 2013-01-27
- c:\Documents and Settings\test user\Application Data\Ydys\yhigxo.ilt
- Size
- 477
- SHA-1
- af45326216e65ac1fe7f7e669b854601928acb2a
- MD5
- 995b88ddd7fd19022bc0ded0521f8e03
- CRC-32
- 93c75022
- File type
- Unspecified binary - probably data
- First seen
- 2013-01-27
- c:\Documents and Settings\test user\Application Data\Iwy\zazymi.exe
- Size
- 412K
- SHA-1
- 9b78036a4520a62a76792bdbfb6336b6c45cd1c7
- MD5
- 68334458a3e651dbd31ace176b9219e6
- CRC-32
- 10bd59bf
- File type
- Windows executable
- First seen
- 2013-01-27
Modified Files
- %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
- %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
- %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
- %windir%\explorer.exe
- %windir%\explorer.exe
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- %windir%\explorer.exe
- %windir%\explorer.exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- {FD61411B-E17C-225B-0E8B-B323D864978E}
- "c:\Documents and Settings\test user\Application Data\Iwy\zazymi.exe"
- HKCU\Software\Microsoft\Internet Explorer\Privacy
- CleanCookies
- 0x00000000
- HKCU\Software\Microsoft\Vuik
- Anbedehe
- (binary data; the value holds an unprintable blob that the original page rendered as replacement characters)
- HKCU\Identities
- Identity Login
- 0x00098053
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
- 1609
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
- TimeStamp
- da 94 10 47 6d fc cd 01
- HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
- Compact Check Count
- 0x00000008
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
- 1609
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
- 1609
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
- 1609
- 0x00000000
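The registry activity above is the part of this report that transfers to other samples of the same family: the dropped directory and file names (Iwy\zazymi.exe, Ydys\yhigxo.*), the GUID used as the Run value name and the HKCU\Software\<random> key all differ per infection, so a hunt rule has to match their shape rather than these literals. The example below is added here and is not code from the Sophos analysis. It scores a constructed list of sandbox registry writes (the field names key/name/data and the sample events are assumptions built from the listing above) against three families of indicator: a GUID-named Run value launching a fresh <random>\<random>.exe under the roaming profile, explorer.exe being added to the Windows Firewall authorised-application list, and Internet Explorer URL action 1609 ("Display mixed content") forced to 0 in several zones alongside CleanCookies = 0. The rule that two families together are needed before escalating is a choice made for this example, not something the report states.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RegEvent:
    """One registry write from a sandbox run (constructed event format)."""
    key: str
    name: str
    data: str


RUN_KEY = r"hkcu\software\microsoft\windows\currentversion\run"
PRIVACY_KEY = r"hkcu\software\microsoft\internet explorer\privacy"
# Value name shaped like a GUID, e.g. {FD61411B-E17C-225B-0E8B-B323D864978E}.
GUID_NAME = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# <profile>\Application Data\<dir>\<name>.exe (XP) or AppData\Roaming\... (Vista+),
# optionally wrapped in quotes as in the Run value above.
APPDATA_EXE = re.compile(
    r'\\(?:application data|appdata\\roaming)\\[^\\]+\\[^\\]+\.exe"?$', re.I)
FIREWALL_LIST = re.compile(
    r"\\firewallpolicy\\\w+profile\\authorizedapplications\\list$", re.I)
ZONE_KEY = re.compile(r"\\internet settings\\zones\\(\d+)$", re.I)


def _is_zero(data: str) -> bool:
    """True for a REG_DWORD rendered as 0x00000000; False for anything else."""
    try:
        return int(data, 16) == 0
    except ValueError:
        return False


def classify(ev: RegEvent) -> Optional[tuple]:
    """Map one event to (indicator family, detail), or None if uninteresting."""
    key = ev.key.lower()
    if key == RUN_KEY and GUID_NAME.match(ev.name) and APPDATA_EXE.search(ev.data):
        return ("persistence", f"Run value {ev.name} -> {ev.data}")
    if FIREWALL_LIST.search(key) and ev.name.lower().endswith("\\explorer.exe"):
        return ("firewall", f"explorer.exe authorised under {ev.key}")
    zone = ZONE_KEY.search(key)
    if zone and ev.name == "1609" and _is_zero(ev.data):
        return ("ie-tampering", f"zone {zone.group(1)}: mixed content allowed silently")
    if key == PRIVACY_KEY and ev.name.lower() == "cleancookies" and _is_zero(ev.data):
        return ("ie-tampering", "CleanCookies set to 0")
    return None


def triage(events):
    """Bucket matched events by family; return ({family: [detail, ...]}, escalate)."""
    hits = {}
    for ev in events:
        match = classify(ev)
        if match:
            family, detail = match
            hits.setdefault(family, []).append(detail)
    # One family alone is weak evidence (legitimate installers also touch the
    # firewall list); two or more together is the combination worth escalating.
    return hits, len(hits) >= 2


# Constructed sample: the registry writes from the report above plus two
# Outlook Express housekeeping writes that the rules should ignore.
SAMPLE_EVENTS = [
    RegEvent(r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List",
             r"%windir%\explorer.exe", r"%windir%\explorer.exe"),
    RegEvent(r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List",
             r"%windir%\explorer.exe", r"%windir%\explorer.exe"),
    RegEvent(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
             "{FD61411B-E17C-225B-0E8B-B323D864978E}",
             r'"c:\Documents and Settings\test user\Application Data\Iwy\zazymi.exe"'),
    RegEvent(r"HKCU\Software\Microsoft\Internet Explorer\Privacy", "CleanCookies", "0x00000000"),
    RegEvent(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2", "1609", "0x00000000"),
    RegEvent(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0", "1609", "0x00000000"),
    RegEvent(r"HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com",
             "TimeStamp", "da 94 10 47 6d fc cd 01"),
    RegEvent(r"HKCU\Identities", "Identity Login", "0x00098053"),
]

if __name__ == "__main__":
    found, escalate = triage(SAMPLE_EVENTS)
    for family, details in found.items():
        print(family, details)
    print("escalate:", escalate)
```

Running the block on the sample gives three families (persistence, firewall, ie-tampering) and an escalate verdict; the Outlook Express writes are ignored, which matters because sandbox runs on an XP image routinely produce dbx compaction and Identity Login noise unrelated to the sample.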
Processes Created
- c:\Documents and Settings\test user\application data\iwy\zazymi.exe
- c:\windows\system32\cmd.exe
DNS Requests