Troj/Zbot-HUP

Category: Viruses and Spyware
Protection available since: 05 March 2014 03:02:29 (GMT)
Type: Trojan
Last updated: 05 March 2014 03:02:29 (GMT)
Prevalence:

Examples of Troj/Zbot-HUP include:

Example 1

File Information

Size: 965K
SHA-1: 36f38df0647dfe86301e7b5c1e0e51ab742ffd76
MD5: 0a9d4ca24659e50eddc301c26c18488e
CRC-32: 4a64f1a6
File type: application/x-ms-dos-executable
First seen: 2014-03-04

Runtime Analysis

Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Tegy
    Yhynsyfo
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Xihinausyf
    "c:\Documents and Settings\test user\Application Data\Geoweb\waulm.exe"
Registry Keys Modified
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    98 62 08 56 e4 37 cf 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\geoweb\waulm.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\hostname.exe
  • c:\windows\system32\ipconfig.exe
  • c:\windows\system32\tasklist.exe
HTTP Requests
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
IP Connections
  • 217.23.12.217:80
DNS Requests
  • www.google.bg
  • www.google.com

Example 2

File Information

Size: 34K
SHA-1: 572ef23a4462b5b7771d412692e39b9e6c13d1db
MD5: f89d0ef09e4bba42f60c2626f591b3ca
CRC-32: c97f2d1a
File type: Microsoft Word 95 to 2003
First seen: 2014-03-04

Other vendor detection

Avira: W2000M/Dldr.Jetoypt.A