Troj/Zbot-IEA

Category: Viruses and Spyware
Protection available since: 23 Apr 2014 21:22:27 (GMT)
Type: Trojan
Last Updated: 23 Apr 2014 22:55:50 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Zbot-IEA include:

Example 1

File Information

Size
20K
SHA-1
a5d8c024d0ce34e2024836e53770b997bb2cd171
MD5
1382858fd65429ece262d7a7782890a6
CRC-32
c446a2d9
File type
application/x-ms-dos-executable
First seen
2014-04-23

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\smcos.exe
    Size
    20K
    SHA-1
    15390825ffc206865b605fb226746c6e33681de2
    MD5
    979e3df6375cb0ade77d626bc29ed1de
    CRC-32
    707f6019
    File type
    application/x-ms-dos-executable
    First seen
    2014-04-23
Processes Created
  • c:\docume~1\support\locals~1\temp\smcos.exe

Example 2

File Information

Size
19K
SHA-1
baad2cf8a7d25ffa752fccea7575b13009e19a12
MD5
09cd9eb12effac3a5e9bcb83673d9807
CRC-32
8b8ed7a4
File type
application/x-ms-dos-executable
First seen
2014-04-23

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\Xuelh\yprien.exe
    Size
    661K
    SHA-1
    94404faf9ee2fe0b45f89c0b70dc6cbf21368710
    MD5
    47797bd43813626087c1c798272ada87
    CRC-32
    05f85a4d
    File type
    application/x-ms-dos-executable
    First seen
    2014-04-23
  • c:\Documents and Settings\test user\Local Settings\Temp\QNN482C.bat
    Size
    164
    SHA-1
    a9c97785b6dc8ca3be4a07fc41ecca0c85a70c23
    MD5
    e3d25179ae795cd13585d321a71799a3
    CRC-32
    019e3203
    File type
    application/octet-stream
    First seen
    2014-04-23
  • c:\Documents and Settings\test user\Local Settings\Temp\smcos.exe
    Size
    20K
    SHA-1
    8e9ef5f4d5cb6631ceb9ee105a5b1f49a60aaa35
    MD5
    942ea191273063560a829bfc8d9c3b74
    CRC-32
    ef9ee438
    File type
    application/x-ms-dos-executable
    First seen
    2014-04-23
  • C:\WINDOWS\system32\drivers\1c7ee.sys
    Size
    55K
    SHA-1
    27efa819b645897fb4c1707a598ce4f9a6612dc6
    MD5
    0c5ffe9d6aa399fbe82cd7b1775e23d7
    CRC-32
    51a28281
    File type
    application/x-ms-dos-executable
    First seen
    2007-09-12
Registry Keys Created
  • HKCU\Software\Microsoft\Rahaabycm
    1459dfaf
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\xuelh\yprien.exe
  • c:\docume~1\support\locals~1\temp\smcos.exe
  • c:\docume~1\support\locals~1\temp\tmpie.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://aflakbook.com/classes/images/e2304USm.tar
DNS Requests
  • aflakbook.com

Example 3

File Information

Size
20K
SHA-1
295a49c4c454b3439b732185e1283c846b31ff01
MD5
1a88aab6c74ea1cbf7fe4594b8c97284
CRC-32
55e0c44f
File type
Windows executable
First seen
2014-04-23
