Troj/Zbot-EYL

Category: Viruses and Spyware
Protection available since: 13 May 2013 07:05:41 (GMT)
Type: Trojan
Last Updated: 13 May 2013 07:05:41 (GMT)
Prevalence: Small Number of Reports

Troj/Zbot-EYL exhibits the following characteristics:

File Information

Size: 202K
SHA-1: 38174f98b52541123c611458590c2ee52a36393e
MD5: 1708d9c018e5fa002f71fa87c6a91c56
CRC-32: 978d76f6
File type: Windows executable
First seen: 2013-05-11

Runtime Analysis

Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Toavycsud
    "c:\Documents and Settings\test user\Application Data\Oqoro\anyxe.exe"
  • HKCU\Software\Microsoft\Taaxt
    Izvatia
    (binary data)
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Identities
    Identity Login
    0x00098053
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    16 8a e1 15 80 4f ce 01
Processes Created
  • c:\Documents and Settings\test user\application data\oqoro\anyxe.exe
DNS Requests
  • d71b28d222eb1f01.com