Troj/Zbot-EUO

Category: Viruses and Spyware
Type: Trojan
Protection available since: 26 Apr 2013 18:07:56 (GMT)
Last Updated: 26 Apr 2013 18:07:56 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Zbot-EUO include:

Example 1

File Information

Size: 397K
SHA-1: 1ef6b6163374df47f0a63f1f87b32dc093bd0ced
MD5: b87cac2e7434f119b4740b05fb21cee3
CRC-32: 65f475d1
File type: Windows executable
First seen: 2013-04-26

Example 2

File Information

Size: 397K
SHA-1: bab4fb0f71d3716011be9d9c4d22c56a6255058e
MD5: e24cc156e90e0b1075b28afd6109e088
CRC-32: 668e130a
File type: Windows executable
First seen: 2013-04-26

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Miaqqy\efgo.exe
    Size: 397K
    SHA-1: 1ef6b6163374df47f0a63f1f87b32dc093bd0ced
    MD5: b87cac2e7434f119b4740b05fb21cee3
    CRC-32: 65f475d1
    File type: Windows executable
    First seen: 2013-04-26
  • c:\Documents and Settings\test user\Application Data\Sefa\asaz.quu
    Size: 3.9K
    SHA-1: 0a210f0ca34fd2c667e41198ba79b5a33dd4c125
    MD5: 710ebf29858fbb0fff9fe829d8b7510b
    CRC-32: 7dd43332
    File type: Unspecified binary - probably data
    First seen: 2013-04-26
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Xaekimvoka
    "c:\Documents and Settings\test user\Application Data\Miaqqy\efgo.exe"
  • HKCU\Software\Microsoft\Demaq
    Quonykzy
    (binary data, not displayable as text)
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    74 88 93 c3 85 42 ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\miaqqy\efgo.exe
  • c:\windows\system32\cmd.exe
DNS Requests
  • d71b28d222eb1f01.com
