Troj/Zbot-GKC

Category: Viruses and Spyware
Type: Trojan
Protection available since: 25 Sep 2013 19:56:07 (GMT)
Last Updated: 25 Sep 2013 19:56:07 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-GKC exhibits the following characteristics:

File Information

Size: 255K
SHA-1: 3b836f1b3b1ee541f7d12cb2a8d8eebfd7da6c9b
MD5: 65267e0d1db853492bf25eb8b47aea31
CRC-32: 7cf7077d
File type: Windows executable
First seen: 2013-09-25

Runtime Analysis

Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Samuixu
    "c:\Documents and Settings\test user\Application Data\Adeby\qeexr.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Ibqiy
    Omcei
    (binary data; the value's raw bytes did not survive extraction and are not reproduced here)
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    qeexr.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    66 cf d9 e6 0b ba ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\adeby\qeexr.exe
  • c:\windows\system32\cmd.exe
IP Connections
  • 37.49.224.87:80
