Troj/Zbot-DXS

Category:	Viruses and Spyware	Protection available since:	17 Feb 2013 20:36:39 (GMT)
Type:	Trojan	Last Updated:	17 Feb 2013 20:36:39 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Zbot-DXS exhibits the following characteristics:

File Information

Size: 94K
SHA-1: 4a1dae6be48280b4d39105ce9d4fc5700e56774d
MD5: 33cf63e9cd96d91f4147ae8609b54d54
CRC-32: e97f8e01
File type: Windows executable
First seen: 2013-02-17

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
Size
740
SHA-1
7b181cd47b7da2135a81c85098e41d1cee20ae89
MD5
ccb985b4dd4fc196cbdcdb40b69d70b2
CRC-32
ae2ba30d
File type
Windows Shortcut file (.LNK)
First seen
2013-02-17
C:\Documents and Settings\All Users\Application Data\elpmas.pad
Size
91M
SHA-1
1569ee7ce3cf66645a18a74c6a4ce2546c2dcdce
MD5
c385cb29f91fe02be4b4294ecd980495
CRC-32
24303a44
File type
Unspecified binary - probably data
First seen
2013-02-17
C:\Documents and Settings\All Users\Application Data\elpmas.js
Size
2.4K
SHA-1
793977c2d5ea4834c4741af9aa58369406504ae7
MD5
4f4ccbf6cdcd37d863d21553635089dc
CRC-32
250f23fb
File type
JavaScript
First seen
2013-01-24

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
2500
0x00000003
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
2500
0x00000003
HKCU\Software\Microsoft\Internet Explorer\Main
NoProtectedModeBanner
0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
2500
0x00000003
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
2500
0x00000003
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
2500
0x00000003

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1609
0x00000000

IP Connections

37.139.53.117:443
66.197.217.85:443
66.197.217.85:80

DNS Requests

whatwillber.com

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Zbot-DXS

File Information

Runtime Analysis

Dropped Files

Registry Keys Created

Registry Keys Modified

IP Connections

DNS Requests

Free Mac Anti-Virus

Popular topics