Troj/Zbot-EMP

Category: Viruses and Spyware
Protection available since: 06 Apr 2013 03:08:54 (GMT)
Type: Trojan
Last Updated: 06 Apr 2013 14:46:14 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Zbot-EMP include:

Example 1

File Information

Size: 35K
SHA-1: 4aa118eeb3d47942afcca63dec9cdb627d98c4cd
MD5: bc97237e23579b03a742ff73348e62fa
CRC-32: 0c5c50b9
File type: Windows executable
First seen: 2013-04-06

Runtime Analysis

HTTP Requests
  • http://atakonaklari.net/x.htm
  • http://blacktieaffair.info/o.htm
  • http://invest-games.com/p.htm
  • http://knockoutnow.com/y.htm
  • http://natyajunctiontheatre.com/d.htm
DNS Requests
  • atakonaklari.net
  • blacktieaffair.info
  • invest-games.com
  • knockoutnow.com
  • natyajunctiontheatre.com

Example 2

File Information

Size: 63K
SHA-1: 917932afcbaae8e4002c23ea1567d7d487c94309
MD5: 1fff95fc10c4dba4dd045ed59fb0808f
CRC-32: 6b9daf7a
File type: application/x-ms-dos-executable
First seen: 2011-06-27

Runtime Analysis

Registry Keys Created
  • HKCU\Software\WinRAR
    HWID
    {9□@5□□9□□5□□-□□6□`3□□4□□A□ -□□4□□0□□3□@C□0F□01□`D□@E□□}□
HTTP Requests
  • http://epuse.su/f/sc.exe
DNS Requests
  • epuse.su
  • qdjhe.ru
  • tljxw.su

Example 3

File Information

Size: 30K
SHA-1: 99045e40ad76387672d41aa07e58de59c7af77cc
MD5: 447de0561aee7eb374edd43ff093cdf5
CRC-32: f98d80d2
File type: application/x-ms-dos-executable
First seen: 2013-04-05
