Troj/Zbot-GWK

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 13 Nov 2013 14:09:16 (GMT)
Last Updated: 13 Nov 2013 14:09:16 (GMT)

Troj/Zbot-GWK exhibits the following characteristics:

File Information
  • Size: 37K
  • SHA-1: 6fd4a3b6adbdd75a578844fd48d48e77489841c5
  • MD5: 8431d9d10fdbc7d150a9dba24c4a809f
  • CRC-32: f263f02e
  • File type: Windows executable
  • First seen: 2013-11-13

Other vendor detection
  • Avira: TR/Crypt.XPACK.Gen3

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Ijdayh\ijgil.exe
    Size: 432K
    SHA-1: d23f42773fbdd3601439bcc42f1e966f74cac34f
    MD5: d53de86643c76cd33ca6712e9ee1703c
    CRC-32: e8f23c95
    File type: Windows executable
    First seen: 2013-11-13
  • c:\Documents and Settings\test user\Local Settings\Application Data\ofviu.uhy
    Size: 477
    SHA-1: 333f688bf06989101c7a1f7a92ba2f55a1a40199
    MD5: fc122d0d381a49e6360263988cb095ed
    CRC-32: cf9e014b
    File type: Unspecified binary - probably data
    First seen: 2013-11-13
Registry Keys Created
  • HKCU\Identities
    Identity Login = 0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Ijgil = "c:\Documents and Settings\test user\Application Data\Ijdayh\ijgil.exe"
  • HKCU\Software\Microsoft\Toufpepoi
    23gcf03c = (binary data; value not recoverable from the page)
Processes Created
  • c:\Documents and Settings\test user\application data\ijdayh\ijgil.exe
  • c:\docume~1\support\locals~1\temp\qaglsydjpuaf.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://asfitness.com/wp-content/uploads/2013/04/ourgoals.exe
  • http://ciistudies.com/templates/themza_j25_13/images/green/logo.exe
  • http://dominionthe.com/images/slide1.exe
  • http://saniteq.com/wp-content/uploads/2013/08/saniteq-jet-hand-dryer-thumb-1.exe
  • http://thebaymanbook.com/wp-content/uploads/2012/07/Joeys-Story-200x300.exe
IP Connections
  • 108.65.194.40:1995
  • 108.83.124.24:3506
  • 174.95.65.84:3402
  • 200.91.49.183:7399
  • 68.162.220.34:4668
  • 72.22.255.197:4798
  • 76.226.121.242:5284
DNS Requests
  • asfitness.com
  • ciistudies.com
  • dominionthe.com
  • saniteq.com
  • thebaymanbook.com
