Troj/Zbot-HVS

Category: Viruses and Spyware
Protection available since: 21 Mar 2014 10:08:32 (GMT)
Type: Trojan
Last Updated: 21 Mar 2014 22:16:34 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Zbot-HVS include:

Example 1

File Information

File type
Windows executable

Other vendor detection

Avira
TR/ATRAPS.Gen

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\bocico.bin
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Aqezupyvby
    d8i67jj
    (binary data, not printable)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Yhil
    "c:\Documents and Settings\test user\Local Settings\Temp\Mexy\yhil.exe"
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\isapnp
    Tag
    0x00000004
  • HKLM\SYSTEM\CurrentControlSet\Services\ACPIEC
    Tag
    0x00000006
  • HKLM\SYSTEM\CurrentControlSet\Services\PCI
    Tag
    0x00000003
  • HKLM\SYSTEM\CurrentControlSet\Services\ACPI
    Tag
    0x00000002
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\mexy\yhil.exe
IP Connections
DNS Requests
  • aulbbiwslxpvvphxnjij.biz
  • www.google.com

Example 2

File Information

File type
application/x-ms-dos-executable

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\fijet.kuj
Registry Keys Created
  • HKCU\Software\Microsoft\Omsyloods
    21eif9a8
    (binary data, not printable)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Faizoj
    "c:\Documents and Settings\test user\Local Settings\Temp\Ociv\faizoj.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\isapnp
    Tag
    0x00000004
  • HKLM\SYSTEM\CurrentControlSet\Services\ACPI
    Tag
    0x00000002
  • HKLM\SYSTEM\CurrentControlSet\Services\PCI
    Tag
    0x00000003
  • HKLM\SYSTEM\CurrentControlSet\Services\ACPIEC
    Tag
    0x00000006
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\ociv\faizoj.exe
IP Connections
DNS Requests
  • aulbbiwslxpvvphxnjij.biz

Example 3

File Information

Size
596K
SHA-1
a64b8c603477de92bda9ffa8f32559a49adb0ac3
MD5
3cb05ce44c4308be1d297bff87862bc4
CRC-32
3a51c636
File type
application/x-ms-dos-executable
First seen
2014-03-21
