Troj/Zbot-EJD

Category: Viruses and spyware    Protection available since: 26 March 2013 16:40:26 (GMT)
Type: Trojan    Last updated: 26 March 2013 16:40:26 (GMT)
Prevalence:


Troj/Zbot-EJD exhibits the following characteristics:

File Information

Size: 245K
SHA-1: e6e73876fbb68b1ac3661a6ed0e49f2556502b20
MD5: a1b0f984ee84cf7bb7b09c3c56aab3d2
CRC-32: 82a01102
File type: Windows executable
First seen: 2013-03-26

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Adim\axeq.exe
    Size: 245K
    SHA-1: 858afe42dead5b0d63c434d349a793cc7483f453
    MD5: 342d6b608bc5acc85ff2ebbfdc67a42d
    CRC-32: cd3a6f36
    File type: Windows executable
    First seen: 2013-03-26
  • c:\Documents and Settings\test user\Application Data\Kuqur\isam.nul
    Size: 477
    SHA-1: d6bc717c3b9b1a79b78d34bec4fec16cd4dd5d14
    MD5: de4943bdf775d32cdef924022dd0ab12
    CRC-32: 1e0d9ff0
    File type: Unspecified binary - probably data
    First seen: 2013-03-26
  • c:\Documents and Settings\test user\Application Data\Kuqur\isam.tmp
    Size: 563
    SHA-1: beceefa95d3921e95173a521c55164e5b117748b
    MD5: 897eb73aeb86aab79018d5ce5e3cef9c
    CRC-32: 165ba341
    File type: Unspecified binary - probably data
    First seen: 2013-03-26
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies: 0x00000000
  • HKCU\Identities
    Identity Login: 0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {6963B866-C696-D64B-728A-4E976E2393F0}: "c:\Documents and Settings\test user\Application Data\Adim\axeq.exe"
  • HKCU\Software\Microsoft\Boew
    Gide: (binary data, not printable)
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609: 0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count: 0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp: 58 13 fc b4 2a 2a ce 01
Processes Created
  • c:\Documents and Settings\test user\application data\adim\axeq.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe
HTTP Requests
  • http://www.karahanmimarlik.com/mambots/editors/cfg.bin
DNS Requests
  • www.karahanmimarlik.com
