Examples of Troj/Zbot-DUZ include:
Example 1
File Information
- Size: 141K
- SHA-1: 0029398a24b26ca3f1ef1adc63f9f2eeece989ce
- MD5: 6b43461bf1deb461141700639c2a1461
- CRC-32: 1fbec575
- File type: Windows executable
- First seen: 2013-01-29
Example 2
File Information
- Size: 329K
- SHA-1: 002f3f8855f387c734e99462bfa984de93a97d36
- MD5: 0943bdedea7e07008f5147194acd274e
- CRC-32: e10359b2
- File type: Windows executable
- First seen: 2013-03-08
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Application Data\saikdu.yzo
  - Size: 477
  - SHA-1: a60e00194175b392f2a94938e27b1125a39fddaa
  - MD5: 96f7fe3b99753724fef8291a51bfef9e
  - CRC-32: 31277713
  - File type: Unspecified binary - probably data
  - First seen: 2013-03-08
- c:\Documents and Settings\test user\Application Data\Cesoe\vunapy.exe
  - Size: 329K
  - SHA-1: 9c9ce963565730980723c2b0a0c1b4cbaf0c593b
  - MD5: f11966fda34dd82f55a69b0d00a9819d
  - CRC-32: 5d691520
  - File type: Windows executable
  - First seen: 2013-03-08
Registry Keys Created
- HKCU\Identities
  - Identity Login: 0x00098053
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}: "c:\Documents and Settings\test user\Application Data\Cesoe\vunapy.exe"
- HKCU\Software\Microsoft\Vaop
  - b653g5a: Ke□□I□□7□□g□`R□`0□□4□0+□
Processes Created
- c:\Documents and Settings\test user\application data\cesoe\vunapy.exe
IP Connections
Example 3
File Information
- Size: 342K
- SHA-1: 004cd3e5f330db97b8aaa020cdb043343f82a95c
- MD5: 819060b416813f4a07611decdfdb85b6
- CRC-32: 9cfc3094
- File type: Windows executable
- First seen: 2007-08-03