Troj/Zbot-GUT

Category: Viruses and spyware    Protection available since: 05 Nov 2013 19:52:27 (GMT)
Type: Trojan    Last updated: 05 Nov 2013 19:52:27 (GMT)
Prevalence:


Examples of Troj/Zbot-GUT include:

Example 1

File Information

Size: 342K
SHA-1: 0bdfcb3c8c10a57480fc80e38923bf2de727e0ca
MD5: c7dfad1a67d39a16d1753db67a891666
CRC-32: f3e9ddac
File type: Windows executable
First seen: 2013-11-04

Other vendor detection

Avira: TR/Dropper.MSIL.12381

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Xyis\ykymh.ebv
    Size: 390K
    SHA-1: cf1ed14cc32d585cd30dee064f8690f2c1364bf2
    MD5: 3e48a6b1866784196da6d63eebb84093
    CRC-32: 0df4e565
    File type: Unspecified binary - probably data
    First seen: 2013-11-04
  • c:\Documents and Settings\test user\Application Data\Kufimi\buke.exe
    Size: 342K
    SHA-1: 59630b806f233c547b26d2f5c8062ed8a2f81216
    MD5: ae6cdc350882730663cdfc463e65d4a6
    CRC-32: 38918d06
    File type: Windows executable
    First seen: 2013-11-04
  • c:\Documents and Settings\test user\Application Data\Diuxty\yzzya.uge
    Size: 8.8K
    SHA-1: ba47d148c16e1d592579ddf734063a3dcc7c815f
    MD5: 0bcfd761ea6fd6934287183d7a209450
    CRC-32: 4207fd86
    File type: Unspecified binary - probably data
    First seen: 2013-11-04
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Identities
    Identity Login = 0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies = 0x00000000
  • HKCU\Software\Microsoft\Rurene
    Tekidipi = (binary value; not rendered in this extraction)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Ciednaef = "c:\Documents and Settings\test user\Application Data\Kufimi\buke.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609 = 0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count = 0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp = f4 90 99 53 98 d9 ce 01
Processes Created
  • c:\Documents and Settings\test user\application data\kufimi\buke.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\hostname.exe
  • c:\windows\system32\ipconfig.exe
  • c:\windows\system32\netsh.exe
  • c:\windows\system32\tasklist.exe
HTTP Requests
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • new.samplerproduct.org
  • www.google.bg
  • www.google.com

Example 2

File Information

Size: 342K
SHA-1: 59630b806f233c547b26d2f5c8062ed8a2f81216
MD5: ae6cdc350882730663cdfc463e65d4a6
CRC-32: 38918d06
File type: Windows executable
First seen: 2013-11-04
