Troj/Zbot-GUU

Category: Viruses and Spyware
Protection available since: 05 Nov 2013 19:52:27 (GMT)
Type: Trojan
Last updated: 05 Nov 2013 19:52:27 (GMT)
Prevalence:


Troj/Zbot-GUU exhibits the following characteristics:

File Information

Size: 318K
SHA-1: 4e4d6e48cbb1ead458cd66e26269e175a63d5292
MD5: e980d624ac3b9943814518ed7f41edc4
CRC-32: eacdfd68
File type: Windows executable
First seen: 2013-11-05

Other vendor detection

Avira: TR/Crypt.XPACK.Gen

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Uhymzi\jyygbe.exe
    Size: 318K
    SHA-1: f1404ff87a4e3c44b58fa98b092618978c756d0d
    MD5: 0c1c04da3b72f2011abea9e23c9e2ce7
    CRC-32: cfdedc02
    File type: Windows executable
    First seen: 2013-11-05
  • c:\Documents and Settings\test user\Local Settings\Application Data\akymix.eji
    Size: 477
    SHA-1: f9d3b1b8d08a3c5a27f4ea132daad8229186b900
    MD5: 914a3de64d32ce915948170355b68213
    CRC-32: 56f738c1
    File type: Unspecified binary - probably data
    First seen: 2013-11-05
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Naoluciko
    133e36j2
    Fb□□A□□K□0U□PO□□o□`w□ h□
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Jyygbe
    "c:\Documents and Settings\test user\Application Data\Uhymzi\jyygbe.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\uhymzi\jyygbe.exe
  • c:\windows\system32\cmd.exe
IP Connections
