Troj/Zbot-FMJ

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 12 Jun 2013 18:32:04 (GMT)
Last Updated: 12 Jun 2013 18:32:04 (GMT)


Examples of Troj/Zbot-FMJ include:

Example 1

File Information

Size: 781K
SHA-1: a2574152800b6ec83e497aab96f64ca2af9475d6
MD5: a147494868fe8556c566b9778609e811
CRC-32: 54930d51
File type: Windows executable
First seen: 2013-06-12

Example 2

File Information

Size: 781K
SHA-1: f98633dd88a85e36468c505d5a224ca3afd6f33b
MD5: ef1a1dad152853254eda027b57d80235
CRC-32: 49b6beef
File type: Windows executable
First seen: 2013-06-12

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Bebo\bafe.exe
    Size: 781K
    SHA-1: a2574152800b6ec83e497aab96f64ca2af9475d6
    MD5: a147494868fe8556c566b9778609e811
    CRC-32: 54930d51
    File type: Windows executable
    First seen: 2013-06-12
  • c:\Documents and Settings\test user\Application Data\Xohy\vury.tmp
    Size: 563
    SHA-1: 9fcd5661ef7ec99aacb38fdb33844519e5d1120a
    MD5: 978cb29960b446860c275a432648d3a9
    CRC-32: fb1a363e
    File type: Unspecified binary - probably data
    First seen: 2013-06-12
  • c:\Documents and Settings\test user\Application Data\Xohy\vury.yhy
    Size: 477
    SHA-1: c3332d4c8bff83db3c4450a61c908dddce7d0322
    MD5: 4bc6854990caeb506e7a3d4fbaff38b5
    CRC-32: 57e7c6cf
    File type: Unspecified binary - probably data
    First seen: 2013-06-12
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Ozuze
    Value name: Erkaywi
    Data: (binary, not printable)
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    Value name: CleanCookies
    Data: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value name: {7483EE59-2FFA-4F35-CC38-2F66CECD0C58}
    Data: "c:\Documents and Settings\test user\Application Data\Bebo\bafe.exe"
  • HKCU\Identities
    Value name: Identity Login
    Data: 0x00098053
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    Value name: 1609
    Data: 0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Value name: Compact Check Count
    Data: 0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    Value name: 1609
    Data: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    Value name: TimeStamp
    Data: 7e 1b 4b d2 70 67 ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    Value name: 1609
    Data: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    Value name: 1609
    Data: 0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\bebo\bafe.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://spparow.info/tosin/one/cfg.bin
DNS Requests
  • spparow.info