Troj/Zbot-GFJ

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 06 Sep 2013 20:18:54 (GMT)
Last Updated: 06 Sep 2013 20:18:54 (GMT)


Examples of Troj/Zbot-GFJ include:

Example 1

File Information

Size: 119K
SHA-1: 8d56e05add5c99410ee211914642f26e5eae1db4
MD5: 0d63455bdaf470f96d3989b635d3ea1e
CRC-32: ee22021e
File type: Windows executable
First seen: 2013-09-06

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Nyawga\iztao.exe
    Size: 294K
    SHA-1: f4ed806011bc6f9b1b19c271618e964e165e0292
    MD5: 59d65c595167771ae10706a80c97b71b
    CRC-32: 5e5a927c
    File type: Windows executable
    First seen: 2013-09-06
  • c:\Documents and Settings\test user\Local Settings\Application Data\dajee.coy
    Size: 477
    SHA-1: a70eff5550e96724d3e14e10ff696575e7266db2
    MD5: 4cfe4f9ac67bde32c29becfd6b76fbb2
    CRC-32: 85dc1ce7
    File type: Unspecified binary - probably data
    First seen: 2013-09-06
Registry Keys Created
  • HKCU\Software\Microsoft\Urduhyurlyzi
    10dj600h
    vS□`x□□X□□P□□c□@f□□4□□j□
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Iztao
    "c:\Documents and Settings\test user\Application Data\Nyawga\iztao.exe"
  • HKCU\Software\WinRAR
    1AD16B9FA25640AD965AA9CF843CED1B
    tr□Pe□
  • HKCU\Identities
    Identity Login
    0x00098053
Processes Created
  • c:\Documents and Settings\test user\application data\nyawga\iztao.exe
  • c:\docume~1\support\locals~1\temp\129687.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://fclww.com/QdytJso0.exe
  • http://www.eesimedsupport.com/RsZm.exe
IP Connections
DNS Requests
  • fclww.com
  • luggagepoint.de
  • www.eesimedsupport.com

Example 2

File Information

Size: 294K
SHA-1: f4ed806011bc6f9b1b19c271618e964e165e0292
MD5: 59d65c595167771ae10706a80c97b71b
CRC-32: 5e5a927c
File type: Windows executable
First seen: 2013-09-06
