Troj/Zbot-EYQ

Category: Viruses and Spyware
Protection available since: 05 May 2013 23:59:24 (GMT)
Type: Trojan
Last Updated: 05 May 2013 23:59:24 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Zbot-EYQ include:

Example 1

File Information

Size: 234K
SHA-1: a0609f851fc7279b8f23e274dbf19c31ee885384
MD5: f5cd533f7abd977bb26342ba721b7ad4
CRC-32: b60b9f8f
File type: Windows executable
First seen: 2013-05-05

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Odvysy\zoys.exe
    Size: 234K
    SHA-1: de2d4c73d71f61d1f59ad5c00e40fefb1dc22434
    MD5: e739fef3d31a2fdd32a8a9f627ad95a1
    CRC-32: 6d57b908
    File type: Windows executable
    First seen: 2013-05-05
  • c:\Documents and Settings\test user\Local Settings\Application Data\yqewf.dui
    Size: 477
    SHA-1: e75b9af8925cb30ec82cc06b4840c689f4778ef1
    MD5: 2631e56cbd61b2f2bd2e14e89cf13400
    CRC-32: 7a5828f5
    File type: Unspecified binary - probably data
    First seen: 2013-05-05
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}
    "c:\Documents and Settings\test user\Application Data\Odvysy\zoys.exe"
  • HKCU\Software\Microsoft\Yjlo
    1486fbf3
    (binary data)
  • HKCU\Identities
    Identity Login
    0x00098053
Processes Created
  • c:\Documents and Settings\test user\application data\odvysy\zoys.exe
  • c:\windows\system32\cmd.exe
IP Connections

Example 2

File Information

Size: 234K
SHA-1: de2d4c73d71f61d1f59ad5c00e40fefb1dc22434
MD5: e739fef3d31a2fdd32a8a9f627ad95a1
CRC-32: 6d57b908
File type: Windows executable
First seen: 2013-05-05
