Troj/Zbot-HAP

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 28 Nov 2013 03:35:49 (GMT)
Last Updated: 28 Nov 2013 03:35:49 (GMT)


Examples of Troj/Zbot-HAP include:

Example 1

File Information

Size: 329K
SHA-1: 8a5dfc02caaef216f1d675f16d9797e76436b79f
MD5: 202f449c16cf078cda31ed80fb9a0984
CRC-32: 066b6dda
File type: Windows executable
First seen: 2013-11-28

Example 2

File Information

Size: 445K
SHA-1: 1ddf4e7a06482c158c5cdc9d074327f7061adffb
MD5: bd9d1a5bc94f332344c713a84b8776e1
CRC-32: 3b15f587
File type: Windows executable
First seen: 2013-11-27

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Kawuz\imcai.lop
    Size: 477
    SHA-1: 62e58f8f9e1df971a1f7f0cb8730289b7a3ac351
    MD5: 8be4880a3cbc4eb7b2eb6a8e28cda9d3
    CRC-32: 0b98a134
    File type: Unspecified binary - probably data
    First seen: 2013-11-27
  • c:\Documents and Settings\test user\Application Data\Mazes\teco.exe
    Size: 445K
    SHA-1: 6a0f4adf36986c0ae018a42c1a1179b8e4ff70fd
    MD5: 2bb944e4a4a8340148669e9bb924b774
    CRC-32: 0ed4a9fc
    File type: Windows executable
    First seen: 2013-11-27
  • c:\Documents and Settings\test user\Application Data\Kawuz\imcai.tmp
    Size: 563
    SHA-1: 815c8ebb2706c96bee1cfca71ab36f01190ed46a
    MD5: 53237fc17541ef56c0686f498286f2bf
    CRC-32: 6f72bbee
    File type: Unspecified binary - probably data
    First seen: 2013-11-27
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCR\PPT_Test.Application
    (Default)
    PPT_Test.Application
  • HKCR\PPT_Test.Application\CLSID
    (Default)
    {DE7CBE17-0368-40E2-8357-1639DA027BAB}
  • HKCR\CLSID\{DE7CBE17-0368-40E2-8357-1639DA027BAB}
    (Default)
    PPT_Test.Application
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Temai
    Huxixymi
    (binary data, not reproduced)
  • HKCR\CLSID\{DE7CBE17-0368-40E2-8357-1639DA027BAB}\InprocHandler32
    (Default)
    ole32.dll
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCR\CLSID\{DE7CBE17-0368-40E2-8357-1639DA027BAB}\LocalServer32
    (Default)
    C:\DOCUME~1\support\APPLIC~1\Mazes\teco.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {B280BE6D-6A1C-F836-995F-59A82B7EBE89}
    "c:\Documents and Settings\test user\Application Data\Mazes\teco.exe"
  • HKCR\CLSID\{DE7CBE17-0368-40E2-8357-1639DA027BAB}\ProgID
    (Default)
    PPT_Test.Application
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    ec 41 ba 18 c5 eb ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
Processes Created
  • c:\Documents and Settings\test user\application data\mazes\teco.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://robbeenpartners.nl/crome/format.bin
DNS Requests
  • robbeenpartners.nl
