Troj/Zbot-FDH

Category: Viruses and Spyware
Protection available since: 20 May 2013 12:53:10 (GMT)
Type: Trojan
Last updated: 20 May 2013 12:53:10 (GMT)
Prevalence:


Examples of Troj/Zbot-FDH include:

Example 1

File Information

Size
308K
SHA-1
af56cd9c2b3f039cd0407a249fa3d26859f2565b
MD5
8f8b9dd537e791464fa2da21de0d0863
CRC-32
ef19c87d
File type
Windows executable
First seen
2013-05-19

Example 2

File Information

Size
308K
SHA-1
c538354725806d7b5b7c9915245faabecb9a6ab9
MD5
ab109de7ade1dd239060b557b296f235
CRC-32
78f41a12
File type
Windows executable
First seen
2013-05-20

Example 3

File Information

Size
308K
SHA-1
7ac1c756445ea9486b6f861db4a4ba21826fe631
MD5
757c837b3daee72e05c9017fe6b3cec4
CRC-32
772eed5f
File type
Windows executable
First seen
2013-05-19

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\qoolma.uzk
    Size
    477
    SHA-1
    657c9a94beaaa8aee7e049929d12aee87952e24b
    MD5
    5705bab3b1971a91106a8bee194d5931
    CRC-32
    b73ebeba
    File type
    Unspecified binary - probably data
    First seen
    2013-05-19
  • c:\Documents and Settings\test user\Application Data\Uwud\agma.exe
    Size
    308K
    SHA-1
    af56cd9c2b3f039cd0407a249fa3d26859f2565b
    MD5
    8f8b9dd537e791464fa2da21de0d0863
    CRC-32
    ef19c87d
    File type
    Windows executable
    First seen
    2013-05-19
Registry Keys Created
  • HKCU\Software\Microsoft\Yrig
    1cdf6g3f
    5Y□@k□0/□□6□□m□`/□□z□□g□
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}
    "c:\Documents and Settings\test user\Application Data\Uwud\agma.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
Processes Created
  • c:\Documents and Settings\test user\application data\uwud\agma.exe
IP Connections
