Troj/Zbot-GYI

Category: Viruses and Spyware
Protection available since: 20 Nov 2013 15:56:54 (GMT)
Type: Trojan
Last Updated: 20 Nov 2013 15:56:54 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Zbot-GYI include:

Example 1

File Information

Size
442K
SHA-1
5737a17f607171d07a57fa18ae93f43bead678c5
MD5
c8b9b6e0a3257130e5842dd0840577c9
CRC-32
aa98f472
File type
Windows executable
First seen
2013-11-20

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\ubre.nuu
    Size
    477
    SHA-1
    06b6ed009de6841d3e46020d37c70ea7788477f9
    MD5
    1d0b4e5dffdabb2705f243958e811154
    CRC-32
    fb51e397
    File type
    Unspecified binary - probably data
    First seen
    2013-11-20
  • c:\Documents and Settings\test user\Application Data\Bapyq\oqkim.exe
    Size
    442K
    SHA-1
    5dc7b893c406889f993cf4175ec69f9139f6b290
    MD5
    7bc04e3f903ae671248e21851f733502
    CRC-32
    9c76443e
    File type
    Windows executable
    First seen
    2013-11-20
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Oqkim
    "c:\Documents and Settings\test user\Application Data\Bapyq\oqkim.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Idelosciiv
    2203cgi4
    □□□□□□□□□□W□P□□@□□
Processes Created
  • c:\Documents and Settings\test user\application data\bapyq\oqkim.exe
IP Connections

Example 2

File Information

Size
442K
SHA-1
5dc7b893c406889f993cf4175ec69f9139f6b290
MD5
7bc04e3f903ae671248e21851f733502
CRC-32
9c76443e
File type
Windows executable
First seen
2013-11-20
