Troj/Zbot-DZT

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 23 Feb 2013 07:22:55 (GMT)
Last Updated: 23 Feb 2013 07:22:55 (GMT)

Examples of Troj/Zbot-DZT include:

Example 1

File Information

Size: 1.1M
SHA-1: edfa57ab58e9a64212fb1a5f26af31adcd1f62a8
MD5: 15c3b37a2d7b32842f540a1aaaea4041
CRC-32: f42e0b44
File type: Windows executable
First seen: 2013-02-23

Other vendor detection

Avira: TR/Dropper.Gen

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Anwib\apce.vai
    Size: 477
    SHA-1: 58993b9546fc1bd078ab23b296200c5906be97c5
    MD5: f97295cdab2e654276c509361c7b78df
    CRC-32: 8a3c6137
    File type: Unspecified binary - probably data
    First seen: 2013-02-23
  • c:\Documents and Settings\test user\Application Data\Xicoby\azmue.exe
    Size: 1.1M
    SHA-1: ffa2b4aab18e4dab87bf5527be7a7caed2a0feea
    MD5: eb333715baf3fbdafe6b0b9ee7ec3ba0
    CRC-32: 1726e098
    File type: Windows executable
    First seen: 2013-02-23
  • C:\debug.txt
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Apyp
    Idezik
    3v□□□□`1□pl□p□□□>□□M□□□□□□□□□□□□□@□□□□□ □□□2□ □□□□□□C□0□□p□□□□□□□□□□□P□□□5□□C□`o□□V□□□□□]□□□□□□□□□□0□□□E□□□□□□□□□□pd□`!□□□□□□□□D□□[□p9□□□□`W□□=□ □□p□□□#□□□□□□□□;□P□□ □□□□□□□□
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {4CEEC77F-003B-2597-CF84-EE255D9B893A}
    "c:\Documents and Settings\test user\Application Data\Xicoby\azmue.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    62 c9 d4 0f 6e 11 ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
Processes Created
  • c:\Documents and Settings\test user\application data\xicoby\azmue.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://ric1.softgenius.co.in/ric1.bin
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • ric1.softgenius.co.in
  • www.google.bg
  • www.google.com

Example 2

File Information

Size: 1.1M
SHA-1: ffa2b4aab18e4dab87bf5527be7a7caed2a0feea
MD5: eb333715baf3fbdafe6b0b9ee7ec3ba0
CRC-32: 1726e098
File type: Windows executable
First seen: 2013-02-23

Other vendor detection

Avira: TR/Dropper.Gen