Troj/Zbot-EXB

Category: Viruses and Spyware
Protection available since: 01 May 2013 11:47:07 (GMT)
Type: Trojan
Last Updated: 01 May 2013 11:47:07 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Zbot-EXB include:

Example 1

File Information

Size: 350K
SHA-1: 9a6b011ddefeeac10de744e8f141e2caa0af5ae2
MD5: da8b92c51737c24b0d841df4ae2356df
CRC-32: ab299f34
File type: Windows executable
First seen: 2013-05-01

Example 2

File Information

Size: 350K
SHA-1: f8325060476690846101484921c95269ea6b4c2c
MD5: 76504c41601eb09390b409f38675aa49
CRC-32: 34b8faed
File type: Windows executable
First seen: 2013-05-01

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Xajiiv\pautny.exe
    Size: 350K
    SHA-1: 9a6b011ddefeeac10de744e8f141e2caa0af5ae2
    MD5: da8b92c51737c24b0d841df4ae2356df
    CRC-32: ab299f34
    File type: Windows executable
    First seen: 2013-05-01
  • c:\Documents and Settings\test user\Local Settings\Application Data\iflyin.okq
    Size: 477
    SHA-1: 2a8592118685a4d92fffc62f0aad8299a60fe718
    MD5: 7a3859808b1fce8a3217307a6749b5ea
    CRC-32: 854b1247
    File type: Unspecified binary - probably data
    First seen: 2013-05-01
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}
    "c:\Documents and Settings\test user\Application Data\Xajiiv\pautny.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Piocam
    i955jgc
    (non-printable binary data)
Processes Created
  • c:\Documents and Settings\test user\application data\xajiiv\pautny.exe
IP Connections
