Troj/Zbot-YS

Category: Viruses and Spyware
Protection available since: 09 Sep 2010 17:41:23 (GMT)
Type: Trojan
Last Updated: 09 Sep 2010 17:41:23 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-YS exhibits the following characteristics:

File Information

Size: 34K
SHA-1: 267581d96caf5e61a33c0e2c12d1ee84e6ab229b
MD5: 00d3d20b55a79e4148413724c5af9051
CRC-32: ea21aeba
File type: application/x-ms-dos-executable
First seen: 2010-08-31

Other vendor detection

Avira: TR/Crypt.ZPACK.Gen
Kaspersky: Trojan.Win32.Small.acvx

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\wuaucldt.exe
  • c:\Documents and Settings\test user\wuaucldt.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    wuaucldt
    c:\documents and settings\support\wuaucldt.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    wuaucldt
    c:\windows\system32\wuaucldt.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\svchost.exe
  • c:\windows\system32\wuaucldt.exe
IP Connections
DNS Requests
