Troj/Zbot-DVV

Category: Viruses and Spyware
Protection available since: 20 Feb 2013 03:49:20 (GMT)
Type: Trojan
Last Updated: 20 Feb 2013 03:49:20 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Zbot-DVV include:

Example 1

File Information

Size: 555K
SHA-1: 15783b6ea84f87546ff4bc1e81116dff8bf4bd08
MD5: d0145a94b7b7a76560a74fec4ff954ea
CRC-32: f7daf556
File type: Windows executable
First seen: 2013-02-19

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Guvyuk\educh.dex
    Size: 477
    SHA-1: a1306c71b175209b02ede070e34156a0e2061d9e
    MD5: c12b20e7bdb40782a2a3550e0696c5d2
    CRC-32: 285f66f9
    File type: Unspecified binary - probably data
    First seen: 2013-02-19
  • c:\Documents and Settings\test user\Application Data\Qeece\ecze.exe
    Size: 171K
    SHA-1: 97bbe724276f5e0f336e8e4093b5a3f59ded6287
    MD5: 55c67ce5cfa1d8f01e30526a06563800
    CRC-32: 538a6b70
    File type: Windows executable
    First seen: 2013-02-19
  • c:\Documents and Settings\test user\Application Data\Guvyuk\educh.tmp
    Size: 563
    SHA-1: 94a5d3924ef34060f320a8bd3abf0266f5eaea63
    MD5: 9bd4b2d7543f88cd65ebb7592e40b4c2
    CRC-32: 447e870a
    File type: Unspecified binary - probably data
    First seen: 2013-02-19
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {B5900658-B683-C128-79C7-9C7C8F41D583}
    "c:\Documents and Settings\test user\Application Data\Qeece\ecze.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Goop
    Veaby
    (binary value data; not recoverable from the page extraction)
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    4e d7 b3 99 f9 0e ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\qeece\ecze.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://dbbr.com.br/~dbbrcom/vices/cfg.bin
DNS Requests
  • dbbr.com.br

Example 2

File Information

Size: 171K
SHA-1: 97bbe724276f5e0f336e8e4093b5a3f59ded6287
MD5: 55c67ce5cfa1d8f01e30526a06563800
CRC-32: 538a6b70
File type: Windows executable
First seen: 2013-02-19
