UBot

Category: Adware and PUAs
Protection available since: 17 Oct 2013 20:21:23 (GMT)
Type: Unspecified PUA
Last updated: 17 Oct 2013 20:21:23 (GMT)

Examples of UBot include:

Example 1

File Information

File type: Windows executable

Other vendor detection

Avira: TR/Drop.3280896

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX.manifest
  • c:\Documents and Settings\test user\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\csc.exe
  • c:\Documents and Settings\test user\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\Manifests\compile.exe_0x9543C661C950B6BF49B0E80F891065C8.1.manifest
  • c:\Documents and Settings\test user\Application Data\ubotcompile3167383\affno.txt
  • c:\Documents and Settings\test user\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app@1.0.0.0.manifest
  • c:\Documents and Settings\test user\Application Data\ubotcompile3167383\bot.ubot
    Size: 50K
    SHA-1: be0977396d8ec4bb3403a2e0fec68ea5dfcb7c19
    MD5: c939a7d364374fd08ac45058f00e1207
    CRC-32: ac889615
    File type: Base64 encoded
    First seen: 2013-10-14
  • c:\Documents and Settings\test user\My Documents\u-bot\mailpos.txt
  • c:\Documents and Settings\test user\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
  • c:\Documents and Settings\test user\My Documents\u-bot\friendpos.txt
  • c:\Documents and Settings\test user\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX@1.0.0.0.manifest
  • c:\Documents and Settings\test user\Application Data\ubotcompile3167383\bot.exe
    Size: 3.1M
    SHA-1: b411fffe802f7919997e485f97d22e3268c282d3
    MD5: b2a7e94b2d3663b41f253b90572ada8e
    CRC-32: cde85ec0
    File type: Windows executable
    First seen: 2013-07-22
  • c:\Documents and Settings\test user\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\Manifests\VmX.dll_0x708E180A6A058DCDE2E1F8586DD2BA4A.2.manifest
  • c:\Documents and Settings\test user\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app.manifest
  • c:\Documents and Settings\test user\My Documents\u-bot\urls.txt
Modified Files
  • %SYSTEM%\d3d9caps.dat
Registry Keys Created
  • HKCU\Software\Microsoft\Direct3D\MostRecentApplication
    Name: compile.exe
Processes Created
  • c:\Documents and Settings\test user\application data\ubotcompile3167383\bot.exe
  • c:\Documents and Settings\test user\local settings\application data\xenocode\sandbox\ubot_standalone\1.0.0.0\2010.02.15t12.47\native\stubexe\@windir@\microsoft.net\framework\v2.0.50727\csc.exe
  • c:\Documents and Settings\test user\local settings\application data\xenocode\sandbox\ubot_standalone\1.0.0.0\2010.02.15t12.47\native\stubexe\@windir@\microsoft.net\framework\v2.0.50727\cvtres.exe
  • c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe

Example 2

File Information

Size: 3.1M
SHA-1: b411fffe802f7919997e485f97d22e3268c282d3
MD5: b2a7e94b2d3663b41f253b90572ada8e
CRC-32: cde85ec0
File type: Windows executable
First seen: 2013-07-22
