Troj/ZAccess-NM

Category: Viruses and Spyware
Protection available since: 15 Jun 2013 06:26:55 (GMT)
Type: Trojan
Last updated: 15 Jun 2013 06:26:55 (GMT)
Prevalence:


Troj/ZAccess-NM exhibits the following characteristics:

File Information

Size: 272K
SHA-1: 80886a88f85c6953964ae18c5e1d9ce07c60ad65
MD5: 5b09cdad0ff2f2631dcb2ecc71bee578
CRC-32: aa4ccaf1
File type: Windows executable
First seen: 2013-06-14

Runtime Analysis

Registry Keys Created
  • HKCU_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    DeleteFlag
    0x00000001
  • HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
Registry Keys Modified
  • HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32
    (Default)
    C:\RECYCLER\S-1-5-18\$8b2e7cc03175028b9a2b805595885191\n.
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    ErrorControl
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum
    NextInstance
    0x00000000
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
  • http://www.e-zeeinternet.com/count.php
IP Connections
DNS Requests
  • j.maxmind.com
