Troj/Zbot-GEU

Category: Viruses and Spyware
Protection available since: 13 Sep 2013 08:29:10 (GMT)
Type: Trojan
Last updated: 13 Sep 2013 08:29:10 (GMT)
Prevalence:


Examples of Troj/Zbot-GEU include:

Example 1

File Information

Size
360K
SHA-1
222d347c158e5029638e9dc1ad71036412a9c560
MD5
ed434350c96b079995fc92c0a3b7bb49
CRC-32
d845ebb4
File type
Windows executable
First seen
2013-09-12

Other vendor detection

Avira
TR/Crypt.Xpack.18654

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Odva\myfeco.exe
    Size
    360K
    SHA-1
    5ac6d6d1c0bd52403f39bd56c94fe2e4051088ab
    MD5
    fa93aa225f901155d429f5c79af097cc
    CRC-32
    eafc32e4
    File type
    Windows executable
    First seen
    2013-09-13
  • c:\Documents and Settings\test user\Local Settings\Application Data\icow.ahm
    Size
    477
    SHA-1
    e6ccc115393e47647d29aed4276bb8da4ad60292
    MD5
    05c666e25f46646ff19d7804f652d3c0
    CRC-32
    410ee0d9
    File type
    Unspecified binary - probably data
    First seen
    2013-09-13
Registry Keys Created
  • HKCU\Software\Microsoft\Sidiveavaz
    26bdi5a9
    cm□□5□□g□□j□□r□Px□ 2□@g□
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Myfeco
    "c:\Documents and Settings\test user\Application Data\Odva\myfeco.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
Processes Created
  • c:\Documents and Settings\test user\application data\odva\myfeco.exe
  • c:\windows\system32\cmd.exe
IP Connections

Example 2

File Information

Size
360K
SHA-1
5ac6d6d1c0bd52403f39bd56c94fe2e4051088ab
MD5
fa93aa225f901155d429f5c79af097cc
CRC-32
eafc32e4
File type
Windows executable
First seen
2013-09-13
