Troj/Zbot-ECN

Category: Viruses and Spyware
Type: Trojan
Protection available since: 11 Mar 2013 13:19:46 (GMT)
Last Updated: 11 Mar 2013 13:19:46 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-ECN exhibits the following characteristics:

File Information

Size: 333K
SHA-1: 6a0f8416d18073fb25d7834f6a16a6c51098813d
MD5: 2a0ff04768804f5965dae71daae92fac
CRC-32: 5697b747
File type: Windows executable
First seen: 2013-03-11

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\EDbHm.exe
    Size: 333K
    SHA-1: 5e24d2f7ed789e3c27fd314dd7b9a7f60c1eaccc
    MD5: f05ed9d5055ad3c68c26da2d26399d8a
    CRC-32: 2b5ed9a5
    File type: Windows executable
    First seen: 2013-03-11
  • c:\Documents and Settings\test user\Application Data\Ezev\upadepa.exe
    Size: 333K
    SHA-1: e0d81b5579cb558f779adee457b9e6a64ba02336
    MD5: 3e5d48891bfa9fc3ebae756950a278a3
    CRC-32: b2dee605
    File type: Windows executable
    First seen: 2013-03-11
  • c:\Documents and Settings\test user\Application Data\Zibiynx\cuypsoi.tmp
    Size: 563
    SHA-1: b1a444cf05e54aa5de22239335234e323aeb76d2
    MD5: 7d73f450a95b4ce5338d6aadbae7bdb1
    CRC-32: ec64b88a
    File type: Unspecified binary - probably data
    First seen: 2013-03-11
  • c:\Documents and Settings\test user\Application Data\Zibiynx\cuypsoi.avi
    Size: 477
    SHA-1: baf01f42227a212b954e475f83ebc62dfef575ea
    MD5: c9a2a78e8034406619b1c6f7fde30969
    CRC-32: 93f5fbfc
    File type: Unspecified binary - probably data
    First seen: 2013-03-11
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {89EA7E05-96C7-EC9B-72D1-CBF4527B0844}
    "c:\Documents and Settings\test user\Application Data\Ezev\upadepa.exe"
  • HKCU\Software\Microsoft\Ydze
    Ivmiomew
    □□□□□□□□□□□□□□□□□□@□□□□□□□□□□□`□□□□□0k□p□□□□□p□□□□□□□□@n□□(□ □□`□□ □□`□□P□□□□□@□□P□□□□□□□□□□□P□□□□□□□□□u□□□□□□□ R□□□□□O□0□□`□□ □□□□□@o□□□□□□□0□□ □□P□□Pk□□F□Pr□@Z□ □□□□□ k□□"□
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
  • HKCU\Identities
    Identity Login
    0x00098053
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    9e 0d 96 1b 50 1e ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\ezev\upadepa.exe
  • c:\windows\system32\cmd.exe
DNS Requests
  • www.thefirewood.info