Troj/Zbot-GYH

Category: Viruses and Spyware
Type: Trojan
Protection available since: 20 Nov 2013 13:07:54 (GMT)
Last Updated: 20 Nov 2013 13:07:54 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Zbot-GYH include:

Example 1

File Information

Size: 39K
SHA-1: 066ec2605f3bce939f484c3e99ac9098b9fd6f12
MD5: f4fc091e44d32106f6db7c3654b1e2d5
CRC-32: ba8b7d20
File type: Windows executable
First seen: 2013-11-20

Other vendor detection

Avira: TR/Crypt.ZPACK.Gen

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Epeha\oxkuem.exe
    Size: 379K
    SHA-1: 1559491f7f7244fae9fb2c6a530f90090a7dfa37
    MD5: dba098c4ab6d70be1790e63e1dcc94fb
    CRC-32: eec3d2bc
    File type: Windows executable
    First seen: 2013-11-20
  • c:\Documents and Settings\test user\Local Settings\Application Data\bairop.ecp
    Size: 477
    SHA-1: 8709250cc12f9547a558dc63d4545e5cffc4d489
    MD5: d8e1185a2a3e57e21494072ecb353b34
    CRC-32: 8034ec14
    File type: Unspecified binary - probably data
    First seen: 2013-11-20
Registry Keys Created
  • HKCU\Software\Microsoft\Iqamkefiy
    Value name: 1ahh194i
    Data: (non-printable binary value)
  • HKCU\Identities
    Value name: Identity Login
    Data: 0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value name: Oxkuem
    Data: "c:\Documents and Settings\test user\Application Data\Epeha\oxkuem.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\epeha\oxkuem.exe
  • c:\docume~1\support\locals~1\temp\ozekqwbgmsxc.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://asfitness.com/wp-content/uploads/2013/04/ourgoals.exe
  • http://ciistudies.com/templates/themza_j25_13/images/green/logo.exe
  • http://dominionthe.com/images/slide1.exe
  • http://saniteq.com/wp-content/uploads/2013/08/saniteq-jet-hand-dryer-thumb-1.exe
  • http://www.asfitness.com/wp-content/uploads/2013/04/ourgoals.exe
IP Connections
  • 108.65.194.40:1995
  • 108.83.124.24:3506
  • 174.95.65.84:3402
  • 200.91.49.183:7399
  • 68.162.220.34:4668
  • 72.22.255.197:4798
  • 76.226.121.242:5284
DNS Requests
  • asfitness.com
  • ciistudies.com
  • dominionthe.com
  • saniteq.com
  • www.asfitness.com

Example 2

File Information

Size: 379K
SHA-1: 1559491f7f7244fae9fb2c6a530f90090a7dfa37
MD5: dba098c4ab6d70be1790e63e1dcc94fb
CRC-32: eec3d2bc
File type: Windows executable
First seen: 2013-11-20