Troj/Zbot-IBU

Category: Viruses and Spyware
Type: Trojan
Protection available since: 11 Apr 2014 21:25:11 (GMT)
Last Updated: 11 Apr 2014 21:25:11 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Zbot-IBU include:

Example 1

File Information

Size: 312K
SHA-1: 030a7992dc336ebf88fe731f0d9739942e738f8d
MD5: ed79660eaef115641a136efc6e745d3c
CRC-32: 2ae8acae
File type: application/x-ms-dos-executable
First seen: 2011-06-28

Runtime Analysis

Dropped Files
  • C:\WINDOWS\Tasks\Security Center Update - 3054187260.job
    Size: 884
    SHA-1: cca7b98142ef90c3419f6e52f3fe94f82b840245
    MD5: 24a038138c1f535445aaf5c7a3c84904
    CRC-32: 31a9cf51
    File type: .JOB File Format
    First seen: 2014-04-11
  • C:\WINDOWS\system32\uhosx.exe
    Size: 312K
    SHA-1: a05ca0f86d5efc0fa4d1474cf051c0bbd749ebf9
    MD5: f19947378109afe0b6a82b47fb672869
    CRC-32: 7824cf79
    File type: Windows executable
    First seen: 2014-04-11
  • c:\Documents and Settings\test user\Application Data\Ufynsy\utabitn.exe
    Size: 312K
    SHA-1: a05ca0f86d5efc0fa4d1474cf051c0bbd749ebf9
    MD5: f19947378109afe0b6a82b47fb672869
    CRC-32: 7824cf79
    File type: Windows executable
    First seen: 2014-04-11
Registry Keys Created
  • HKLM\SOFTWARE\Dmnrafozwi
    License: 0x000001bc
  • HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3054187260\Enum
    NextInstance: 0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3054187260\Security
    Security: (binary value, not rendered)
  • HKCU\Software\Dmnrafozwi
    License: 0x000001bc
  • HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3054187260
    ObjectName: LocalSystem
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Emunelfux: "c:\Documents and Settings\test user\Application Data\Ufynsy\utabitn.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Emunelfux: "c:\Documents and Settings\test user\Application Data\Ufynsy\utabitn.exe"
Registry Keys Modified
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    AppData: C:\Documents and Settings\LocalService\Application Data
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    AppData: C:\Documents and Settings\LocalService\Application Data
Processes Created
  • c:\Documents and Settings\test user\application data\ufynsy\utabitn.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\uhosx.exe
HTTP Requests
  • http://red-stoneses.com/b/eve/16b821611ff94176f6ce4c1b
DNS Requests
  • red-stoneses.com

Example 2

File Information

Size: 312K
SHA-1: f71b59675b049e44b668ed22c27b36b17f06223d
MD5: ee0f254048498fa55863ee56afa2e8c7
CRC-32: 2ea44a48
File type: Windows executable
First seen: 2014-04-11

Example 3

File Information

Size: 312K
SHA-1: 13de0035946fba23988a88f5a071bf3aeafd3df2
MD5: 15d6eced4963f8c25adde99081d61b23
CRC-32: e22824bb
File type: Windows executable
First seen: 2014-04-11
