Troj/Zbot-EVX

Category: Viruses and spyware Protection available since: 30 Apr 2013 09:27:14 (GMT)
Type: Trojan Last updated: 30 Apr 2013 09:27:14 (GMT)
Prevalence:


Troj/Zbot-EVX exhibits the following characteristics:

File Information

Size: 363K
SHA-1: 293735a9fdc7e786b12c2ef92f544ffc53a0a0e7
MD5: 0a3723483e06dcf7e51073972b9d1ef3
CRC-32: e1d036ae
File type: Windows executable
First seen: 2013-04-30

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Elyto\ojaxu.exe
    Size: 363K
    SHA-1: 751419d5be36ec577a0a71e571dac83d772237b7
    MD5: de3578b80e129f7d5693a0504df7f802
    CRC-32: 46b2ca7f
    File type: Windows executable
    First seen: 2013-04-30
  • c:\Documents and Settings\test user\Local Settings\Application Data\ydqesi.ove
    Size: 477
    SHA-1: 43fa1979c8cc5f6db8d3348efe84d1c5e81d9b00
    MD5: 11bccc33fdab083d32d5151e2f1a31d0
    CRC-32: 2c631e66
    File type: Unspecified binary - probably data
    First seen: 2013-04-30
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}
    "c:\Documents and Settings\test user\Application Data\Elyto\ojaxu.exe"
  • HKCU\Software\Microsoft\Yjkij
    32ae43ae
    @□□□□□□□□□□□□a□□+□
Processes Created
  • c:\Documents and Settings\test user\application data\elyto\ojaxu.exe
IP Connections
