Troj/Zbot-FWO

Category: Viruses and Spyware
Protection available since: 01 Aug 2013 19:08:48 (GMT)
Type: Trojan
Last Updated: 01 Aug 2013 19:08:48 (GMT)
Prevalence: Small Number of Reports

Troj/Zbot-FWO exhibits the following characteristics:

File Information

Size: 339K
SHA-1: 9641048ad8f7f428bc3528d9e472453ec000321f
MD5: 7b9ba1dab83918e78b3014c5d066f4da
CRC-32: a359794e
File type: Windows executable
First seen: 2013-08-01

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\SyncHost.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\wbemcore.exe
    Size: 8.0K
    SHA-1: a4d45383bf06cebe09bf639bba478bc62b76da88
    MD5: 88f4108250f0451f63080bdb92968398
    CRC-32: cbfe21e0
    File type: Windows executable
    First seen: 2013-08-01
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Windows Management Instrumentation
    c:\Documents and Settings\test user\Application Data\Microsoft\Windows\wbemcore.exe
  • HKCU\Software\DC3_FEXEC
    01/08/2013 at 14:39:23
    {8683e91a-044e-11df-871e-806d6172696f-1612674719}
Processes Created
  • c:\Documents and Settings\test user\application data\microsoft\windows\synchost.exe
  • c:\Documents and Settings\test user\application data\microsoft\windows\wbemcore.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\applaunch.exe
DNS Requests
  • nextpage.no-ip.org
