Troj/Zbot-EUK

Category: Viruses and Spyware
Protection available since: 26 Apr 2013 12:18:57 (GMT)
Type: Trojan
Last Updated: 26 Apr 2013 12:18:57 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-EUK exhibits the following characteristics:

File Information

Size: 291K
SHA-1: dd2fe390e3f16a7f12786799af927f62df6754c4
MD5: df81b21e9526c571d03bc1fb189f233c
CRC-32: c8457944
File type: Windows executable
First seen: 2013-04-26

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Loif\ebti.exe
    Size: 291K
    SHA-1: 91e80766580709f6c6667edb79f3b536113af46c
    MD5: fa3664803c7d838ea325539dc8b4dbbf
    CRC-32: 3463d7df
    File type: Windows executable
    First seen: 2013-04-26
  • c:\Documents and Settings\test user\Local Settings\Application Data\otimr.bai
    Size: 477
    SHA-1: 2086693d9ca33a5253449981d05a89577b4807eb
    MD5: 6e982761ee3fcbb3b04367720603781b
    CRC-32: efff8104
    File type: Unspecified binary - probably data
    First seen: 2013-04-26
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}
    "c:\Documents and Settings\test user\Application Data\Loif\ebti.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Axlya
    2h8ci131
    (binary data)
Processes Created
  • c:\Documents and Settings\test user\application data\loif\ebti.exe
IP Connections
