Troj/Zbot-DXZ

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 18 Feb 2013 10:08:55 (GMT)
Last Updated: 18 Feb 2013 10:08:55 (GMT)


Examples of Troj/Zbot-DXZ include:

Example 1

File Information

Size: 344K
SHA-1: 25721ea5f753b2439f78bf0a0519240ca7874e82
MD5: 7f458fae215c02f20e08f6fa226541d0
CRC-32: 2fefa4dc
File type: Microsoft Word 95 to 2003
First seen: 2013-02-18

Example 2

File Information

Size: 323K
SHA-1: 6552b30d84021a2cad4c26bd07d4308c3dc7e333
MD5: 540293c147e9a8c18d4842a1d2b8e7b2
CRC-32: 2a1f0372
File type: Windows executable
First seen: 2013-02-18

Runtime Analysis

Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {75E13A8C-C3E7-FD7C-FBC3-6909A8B1B43D}
    "c:\Documents and Settings\test user\Application Data\Gema\eqibqib.exe"
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
  • HKCU\Software\Microsoft\Inbumu
    Qamyxu
    (binary data, not printable)
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    fe 56 a8 8b a3 0d ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\gema\eqibqib.exe
  • c:\windows\system32\cmd.exe
DNS Requests
  • www.melimalo.com
