Examples of Troj/Zbot-ECO include:
Example 1
File Information
- Size: 345K
- SHA-1: 089c8f9572b5e5c1795801ea8007b994eafd6875
- MD5: ed1e88719a3a5c5930704bcebe4af694
- CRC-32: 52fa5b82
- File type: Windows executable
- First seen: 2013-03-06
Example 2
File Information
- Size: 133K
- SHA-1: a34b6dcfc108d7205d611618e5debe7b2cf3185e
- MD5: 9e7b681d40b8c9422f5489ed522e146a
- CRC-32: ad2fdc38
- File type: Windows executable
- First seen: 2013-03-05
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Wyoq\balug.exe
  - Size: 345K
  - SHA-1: 089c8f9572b5e5c1795801ea8007b994eafd6875
  - MD5: ed1e88719a3a5c5930704bcebe4af694
  - CRC-32: 52fa5b82
  - File type: Windows executable
  - First seen: 2013-03-06
- c:\Documents and Settings\test user\Local Settings\Application Data\lada.uku
  - Size: 477
  - SHA-1: c8989f796e36d487d56aca04b35d36b7e3b1b0cb
  - MD5: 45b04a46764ace4727ee4af78b75c941
  - CRC-32: 709114e1
  - File type: Unspecified binary - probably data
  - First seen: 2013-03-06
Registry Keys Created
- HKCU\Identities
  - Identity Login: 0x00098053
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}: "c:\Documents and Settings\test user\Application Data\Wyoq\balug.exe"
- HKCU\Software\Microsoft\Mecoli
  - 2deji9cf: (non-printable binary data)
- HKCU\Software\WinRAR
  - 718A4957E8CBB4BFFCAA8BB3AB3259F4: (non-printable binary data)
Processes Created
- c:\Documents and Settings\test user\application data\wyoq\balug.exe
- c:\docume~1\support\locals~1\temp\137140.exe
- c:\docume~1\support\locals~1\temp\139656.exe
- c:\windows\system32\cmd.exe
HTTP Requests
- http://24odisha.com/zkWyeo2j.exe
- http://domoservice.readyshops.cz/9CoHn.exe
- http://www.sb-waesche.de/7RnL.exe
IP Connections
DNS Requests
- 17.ir-c.net
- 24odisha.com
- domoservice.readyshops.cz
- www.sb-waesche.de