Troj/Zbot-FNS

Category: Viruses and Spyware
Protection available since: 17 Jun 2013 12:45:53 (GMT)
Type: Trojan
Last Updated: 17 Jun 2013 12:45:53 (GMT)
Prevalence: Small Number of Reports

Troj/Zbot-FNS exhibits the following characteristics:

File Information

Size: 274K
SHA-1: 314e66c496a63d8251a7b21c89342e3391a6c719
MD5: 15e9dec7df054a3c5dfc648dc608c863
CRC-32: a2b84685
File type: Windows executable
First seen: 2013-06-16

Runtime Analysis

Copies Itself To
  • C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$R2E375313
Dropped Files
  • C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$I2E375313
    Size: 544
    SHA-1: 94a20e890950156f223a432cca605d0baebdd484
    MD5: f6ae3d3fd0b355022069efc9a475a39c
    CRC-32: d8c5bb33
    File type: Unspecified binary - probably data
    First seen: 2013-06-16
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    DeleteFlag
    0x00000001
  • HKCU_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
  • HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    ErrorControl
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum
    NextInstance
    0x00000000
  • HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-18\$8b2e7cc03175028b9a2b805595885191\n.
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
  • http://www.e-zeeinternet.com/count.php
IP Connections
DNS Requests
  • j.maxmind.com
