Troj/Zbot-DSQ

Category:	Viruses and Spyware	Protection available since:	28 Jan 2013 17:00:28 (GMT)
Type:	Trojan	Last Updated:	28 Jan 2013 17:00:28 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Zbot-DSQ include:

Example 1

File Information

Size: 317K
SHA-1: 8e19c5903b9937e0558418b9f95b97836e1ef9c3
MD5: b18c63d2dccce93d8ab2ef1bea57e0c7
CRC-32: 3482d5ee
File type: Windows executable
First seen: 2013-01-28

Example 2

File Information

Size: 111K
SHA-1: d37a0709bcf2b361b9b65ab1acf09b07d8ec918c
MD5: adc79ddd078e7b9d6743c6d004d2648f
CRC-32: dbced988
File type: Windows executable
First seen: 2013-01-28

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Local Settings\Application Data\ogoge.ifu
Size
477
SHA-1
e9b2492ee8424a4f0b1999e30526d20f223481e0
MD5
07630002bbeb610765d64b056737019f
CRC-32
991e1d47
File type
Unspecified binary - probably data
First seen
2013-01-28
c:\Documents and Settings\test user\Application Data\Arovik\waimdy.exe
Size
317K
SHA-1
8e19c5903b9937e0558418b9f95b97836e1ef9c3
MD5
b18c63d2dccce93d8ab2ef1bea57e0c7
CRC-32
3482d5ee
File type
Windows executable
First seen
2013-01-28

Registry Keys Created

HKCU\Software\Microsoft\Pyhao
2ijad677
OR□@l□0n□□+□ s□□a□ o□□S□
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}
"c:\Documents and Settings\test user\Application Data\Arovik\waimdy.exe"
HKCU\Identities
Identity Login
0x00098053
HKCU\Software\WinRAR
C8022EA25DE3573A96078BB6ADC273A9
tr□Pe□

Processes Created

c:\Documents and Settings\test user\application data\arovik\waimdy.exe
c:\docume~1\support\locals~1\temp\121890.exe
c:\docume~1\support\locals~1\temp\123468.exe
c:\docume~1\support\locals~1\temp\127406.exe
c:\windows\system32\cmd.exe

HTTP Requests

http://indonesiascuba.com/utosi1bw.exe
http://www.dimag-giantpale.it/wbA.exe
http://www.ilonexs-koblenz.de/ba6FtC3L.exe

IP Connections

108.83.233.190:15683
206.45.59.85:15757
64.219.114.114:13503
71.43.217.3:11403
72.218.14.223:26631
76.219.198.177:13541
82.60.1.42:10552
83.111.92.83:24543
87.203.87.232:10271

DNS Requests

13.tokoaksesoriskomputer.com
indonesiascuba.com
www.dimag-giantpale.it
www.ilonexs-koblenz.de

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Zbot-DSQ

Example 1

File Information

Example 2

File Information

Runtime Analysis

Dropped Files

Registry Keys Created

Processes Created

HTTP Requests

IP Connections

DNS Requests

Free Mac Anti-Virus

Popular topics