Troj/Zbot-OWRE

Category: Viruses and Spyware Protection available since:09 Oct 2013 07:27:36 (GMT)
Type: Trojan Last Updated:09 Oct 2013 07:27:36 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Zbot-OWRE exhibits the following characteristics:

File Information

Size
363K
SHA-1
c454fbe8380d34bc690fbadadcf49be96bca518f
MD5
33b39e806d06b0636772e8dc7f779b93
CRC-32
bdced71b
File type
Windows executable
First seen
2013-09-09

Runtime Analysis

Dropped Files
  • C:\debug.txt
    Size
    1.3K
    SHA-1
    b7a8d77d93547f58b08d63d6cd36ea802c0ef399
    MD5
    57f1d74c911dd905ad8e561e5eb86715
    CRC-32
    293bc552
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-09-09
Registry Keys Created
  • HKCR\S9.Document\DefaultIcon
    (Default)
    c:\test_item.exe,0
  • HKCR\.s
    (Default)
    S9.Document
  • HKCR\S9.Document\shell\printto\command
    (Default)
    c:\test_item.exe /pt "%1" "%2" "%3" "%4"
  • HKCR\S9.Document
    (Default)
    S9 Document
  • HKCR\.s\ShellNew
    NullFile
  • HKCR\S9.Document\shell\open\command
    (Default)
    c:\test_item.exe "%1"
  • HKCR\S9.Document\shell\print\command
    (Default)
    c:\test_item.exe /p "%1"
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe

download Try Sophos products for free
Download now