Troj/Zbot-YO

Category: Viruses and Spyware Protection available since:05 Sep 2010 21:39:11 (GMT)
Type: Trojan Last Updated:05 Sep 2010 21:39:11 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Zbot-YO include:

Example 1

File Information

Size
929K
SHA-1
a540db5112d83519c56fc094b94b334e38b612e1
MD5
2e72da8bac5233ce8389aa29124e7eb5
CRC-32
1f3a31d8
File type
application/x-ms-dos-executable
First seen
2010-09-05

Other vendor detection

Avira
DR/Delphi.Gen
Kaspersky
Trojan-Spy.Win32.Zbot.ajks

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\sdra64.exe
    Size
    1010K
    SHA-1
    f522f6651e803580de0ac803ce1fcb8f6f98dbd7
    MD5
    6b8e546adba92a88d8121333a9831fe4
    CRC-32
    a3f0fb89
    File type
    application/x-ms-dos-executable
    First seen
    2010-09-05
Modified Files
  • C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
    • Set the hidden and system flags
  • C:\Documents and Settings\LocalService\Local Settings\History
    • Set the hidden and system flags
Registry Keys Created
  • HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network
    UID
    PC_000228DB
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network
    UID
    PC_000223AB
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    3c 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 f0 d8 c1 ef 42 4d cb 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    3c 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 f0 d8 c1 ef 42 4d cb 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
    {33373039-3132-3864-6B30-303233343434}
    47 09 f2 0d
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network
    UID
    PC_00022735
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    AppData
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Cache
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\LocalService\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
HTTP Requests
  • http://www.basurm.com/sl/config.bin
DNS Requests
  • www.basurm.com

Example 2

File Information

Size
1.1M
SHA-1
b787253020aef4c1d5edf2d087d14cee2d0286f9
MD5
bb29649a75d4bd6ed543db55e8369b7e
CRC-32
36699e5b
File type
application/x-ms-dos-executable
First seen
2010-09-05

Runtime Analysis

Dropped Files
  • C:\WINDOWS\Temp\History\History.IE5\desktop.ini
  • C:\WINDOWS\system32\sdra64.exe
    Size
    1.4M
    SHA-1
    dd084a1f106612f9a09b20e2475cc594ba0140ba
    MD5
    64f8f926940be4e5939c651f06879d3e
    CRC-32
    410b9a8f
    File type
    application/x-ms-dos-executable
    First seen
    2010-09-05
  • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\A7E92Z2P\desktop.ini
  • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
  • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0JERCB0F\desktop.ini
  • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\EXUZK5GN\desktop.ini
  • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CT0RWF4H\desktop.ini
Modified Files
  • C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
    • Set the hidden and system flags
  • C:\Documents and Settings\LocalService\Local Settings\History
    • Set the hidden and system flags
Registry Keys Created
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    3c 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 30 75 fa 3f 42 4d cb 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network
    UID
    PC_000247FC
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
    {33373039-3132-3864-6B30-303233343434}
    47 09 f2 0d
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    3c 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 30 75 fa 3f 42 4d cb 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
    {3039636B-5F3D-6C64-6675-696870667265}
    f7 09 f2 0d
  • HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network
    UID
    PC_00024A9B
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network
    UID
    PC_00024A1E
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Cache
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Cache
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Cache
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
HTTP Requests
  • http://www.basurm.com/sl/config.bin
DNS Requests
  • www.basurm.com

Example 3

File Information

Size
666K
SHA-1
bfe2380ec5b7e8dd3b2f25e7edf8c0af53bc9b9f
MD5
4579a96c09900e6bd4030f2d34bedaff
CRC-32
463fc420
File type
application/x-ms-dos-executable
First seen
2010-09-05

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\sdra64.exe
    Size
    854K
    SHA-1
    56841cd7425c02a0212f788588744d6197eb1086
    MD5
    ca8e422795e7178cb3572536de7451f2
    CRC-32
    d296732f
    File type
    application/x-ms-dos-executable
    First seen
    2010-09-05
Modified Files
  • C:\Documents and Settings\LocalService\Local Settings\History
    • Set the hidden and system flags
  • C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
    • Set the hidden and system flags
Registry Keys Created
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
    {33373039-3132-3864-6B30-303233343434}
    47 09 f2 0d
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    3c 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 b0 46 7c 7b 47 4d cb 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network
    UID
    PC_0002388A
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    3c 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 b0 46 7c 7b 47 4d cb 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network
    UID
    PC_00023A01
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network
    UID
    PC_0002354E
Registry Keys Modified
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    AppData
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\LocalService\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Cache
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HTTP Requests
  • http://www.basurm.com/sl/config.bin
DNS Requests
  • www.basurm.com

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy