Troj/Zbot-DXX

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 18 Feb 2013 07:26:45 (GMT)
Last Updated: 18 Feb 2013 07:26:45 (GMT)


Examples of Troj/Zbot-DXX include:

Example 1

File Information

Size: 441K
SHA-1: 31c202080ccef13ba75aec9f5eb116d04499476b
MD5: 8964b632e24fb2157e0d660ea2e3525f
CRC-32: ca7f3861
File type: Windows executable
First seen: 2013-02-18

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Ytze\xisyi.exe
    Size: 441K
    SHA-1: 40cd7753c96a216326c39c9bd66dce7fe8ee9567
    MD5: 942b629c895d81b93935dffea8f0f834
    CRC-32: d05f1af1
    File type: Windows executable
    First seen: 2013-02-18
  • c:\Documents and Settings\test user\Application Data\Vubog\gukua.ake
    Size: 477
    SHA-1: cd77076017b5392234cb62a30876153e84df1a82
    MD5: c5795fc5f2d470f2628358a6eeb99a8c
    CRC-32: 8db7738b
    File type: Unspecified binary - probably data
    First seen: 2013-02-18
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Ykyqwy
    Vuzi
    `□□□□□□A□ □□□-□□□□□□□□□□□□□□□@□□`m□□□□0l□□□□0□□pw□□T□□□□0□□□5□0□□ □□P□□□□□□/□P□□PV□□□□□□□Pk□□!□□□□P□□□M□@□□@;□P□□□□□@□□`□□@<□ □□□□□ □□□□□0E□□,□□□□ J□0□□0~□□□□0□□P□□□□□□□□@7□
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {2394133C-7F40-D03B-117B-22003CAC3608}
    "c:\Documents and Settings\test user\Application Data\Ytze\xisyi.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    ae 91 3f 45 90 0d ce 01
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\ytze\xisyi.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
  • http://www.managingupsystems.com/clsse/verb/config.bin
DNS Requests
  • www.google.bg
  • www.google.com
  • www.managingupsystems.com

Example 2

File Information

Size: 441K
SHA-1: 40cd7753c96a216326c39c9bd66dce7fe8ee9567
MD5: 942b629c895d81b93935dffea8f0f834
CRC-32: d05f1af1
File type: Windows executable
First seen: 2013-02-18
