Troj/Zbot-EYN

Category: Viruses and Spyware
Protection available since: 05 May 2013 19:07:48 (GMT)
Type: Trojan
Last Updated: 05 May 2013 19:07:48 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-EYN exhibits the following characteristics:

File Information

Size: 949K
SHA-1: 1dd27e4945583291142f2d88bca62e0f27c37a5b
MD5: d529bb86c6cfc1b113aa1d233ed5d92e
CRC-32: 9cb0283a
File type: Windows executable
First seen: 2013-05-05

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Omdur\afoc.toe
    Size: 1.1K
    SHA-1: 1229b749f7f310c446b18a7900acbece6d1a67d1
    MD5: 62deef14841335d54c5d69896ac49c06
    CRC-32: c9ae0369
    File type: Unspecified binary - probably data
    First seen: 2013-05-05
  • c:\Documents and Settings\test user\Application Data\Owfo\ando.exe
    Size: 949K
    SHA-1: bfca7af0db0a77496eca5523eb21d7083b16ec2d
    MD5: 428e1edf4397ae13418bcf453a1ef79c
    CRC-32: 9331a886
    File type: Windows executable
    First seen: 2013-05-05
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {98C78535-B2F4-C3F2-E34C-8D04FBA22A37} = "c:\Documents and Settings\test user\Application Data\Owfo\ando.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies = 0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609 = 0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\owfo\ando.exe
HTTP Requests
  • http://www.creditsusse.com/cfg.bin
DNS Requests
  • www.creditsusse.com
