Troj/Zbot-EBD

Category: Viruses and Spyware
Protection available since: 27 Feb 2013 14:30:09 (GMT)
Type: Trojan
Last Updated: 01 Mar 2013 20:02:20 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Zbot-EBD include:

Example 1

File Information

Size: 112K
SHA-1: 4015be2fb7850aea7ddbf29518ec89c3959d22e8
MD5: 9461d1c99fd35299b2ce44c21da96501
CRC-32: 7afa9992
File type: Windows executable
First seen: 2013-02-28

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\KB00954719.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    KB00954719.exe
    "c:\Documents and Settings\test user\Application Data\KB00954719.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\kb00954719.exe
  • c:\windows\system32\cmd.exe
IP Connections

Example 2

File Information

Size: 112K
SHA-1: 9eb524f7b5d79ae67b24c5b1510c7e6f38bbbcf2
MD5: b59bbbf730e20bc0da65a612072fbc45
CRC-32: 8e1118f5
File type: Windows executable
First seen: 2011-12-29

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\KB00954719.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    KB00954719.exe
    "c:\Documents and Settings\test user\Application Data\KB00954719.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\kb00954719.exe
  • c:\windows\system32\cmd.exe
IP Connections

Example 3

File Information

Size: 112K
SHA-1: f5ffe16c6c4668e8b3981306782d3b47b98eba87
MD5: e0f7ac95f1830a2387fa5b7ea0065e9b
CRC-32: 8b0602eb
File type: Windows executable
First seen: 2013-02-27

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\KB00954719.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    KB00954719.exe
    "c:\Documents and Settings\test user\Application Data\KB00954719.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\kb00954719.exe
  • c:\windows\system32\cmd.exe
IP Connections
