Troj/Zbot-GKH

Category: Viruses and spyware    Protection available since: 26 Sep 2013 07:07:43 (GMT)
Type: Trojan    Last updated: 11 Oct 2013 03:19:48 (GMT)
Prevalence:


Examples of Troj/Zbot-GKH include:

Example 1

File Information

Size
942K
SHA-1
0549e55f0d16ce43739411f11eac85e89fe37ec0
MD5
eb259d5454f8de557511b62d9d049254
CRC-32
b4409041
File type
Windows executable
First seen
2013-09-24

Runtime Analysis

Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\netsh.exe

Example 2

File Information

Size
942K
SHA-1
10661eb935150a78e72b9f66b9539925471bb07b
MD5
3566962edd36cc8b58bcf6cab835fb5e
CRC-32
f6b296ac
File type
Windows executable
First seen
2013-09-25

Runtime Analysis

Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\netsh.exe

Example 3

File Information

Size
1.6M
SHA-1
1e76ff5b9d29b4a0823afeb416aee18b0afa53e9
MD5
174627e8dabbbdbccc6537dbe77bf8d5
CRC-32
c240900d
File type
Windows executable
First seen
2013-09-24

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Obag\uzel.ufx
    Size
    477
    SHA-1
    22558dc80f47649f0c4788e81191eca68d900f0f
    MD5
    743af24343befab348a7073be4394bb3
    CRC-32
    e7b5c577
    File type
    Unspecified binary - probably data
    First seen
    2013-09-24
  • c:\Documents and Settings\test user\Application Data\Zypyu\bozi.exe
    Size
    138K
    SHA-1
    d6848fb157819598a2c9c9404f8812b644f680bb
    MD5
    664baa4ab19215e6bd5304ee8aa3845d
    CRC-32
    499adc51
    File type
    Windows executable
    First seen
    2013-09-24
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Kuehf
    Aferoq
    (binary data, not printable)
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {DEB5F4A1-4BF0-9C17-7B46-C95CA45E9D17}
    "c:\Documents and Settings\test user\Application Data\Zypyu\bozi.exe"
Registry Keys Modified
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    d8 e6 a0 fd 54 b9 ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\zypyu\bozi.exe
  • c:\docume~1\support\locals~1\temp\bt.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\netsh.exe
HTTP Requests
  • http://treching.net/law/config.bin
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • treching.net
  • www.google.bg
  • www.google.com
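The indicators above (sample hashes, the GUID-named Run value pointing at a dropped executable under the profile's Application Data folder, and the config.bin fetch from treching.net) can be matched against host and network telemetry. The script below is an added example, not Sophos tooling or code from the page; the event schema and the sample events are constructed for illustration. The Run-value pattern generalizes from the single instance in Example 3 (a GUID value name, path of the form <Application Data>\<random>\<random>.exe), and the `AppData\Roaming` alternative is an assumption for Vista-and-later profile layouts, which the page does not show.

```python
"""Match the Troj/Zbot-GKH indicators from this page against telemetry events.

Added example, not Sophos code. Event format and sample events are constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Hashes from Examples 1-3 and the dropped bozi.exe (Example 3).
ZBOT_GKH_SHA1 = {
    "0549e55f0d16ce43739411f11eac85e89fe37ec0",
    "10661eb935150a78e72b9f66b9539925471bb07b",
    "1e76ff5b9d29b4a0823afeb416aee18b0afa53e9",
    "d6848fb157819598a2c9c9404f8812b644f680bb",
}
ZBOT_GKH_MD5 = {
    "eb259d5454f8de557511b62d9d049254",
    "3566962edd36cc8b58bcf6cab835fb5e",
    "174627e8dabbbdbccc6537dbe77bf8d5",
    "664baa4ab19215e6bd5304ee8aa3845d",
}
# Network indicators from Example 3's runtime analysis.
C2_HOSTS = {"treching.net"}
C2_URLS = {"http://treching.net/law/config.bin"}

RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run$", re.I)
GUID_NAME_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# XP layout seen on the page, plus the assumed Vista+ "AppData\Roaming" layout.
APPDATA_EXE_RE = re.compile(
    r"\\(?:application data|appdata\\roaming)\\[a-z]+\\[a-z]+\.exe$", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # "hash", "persistence" or "c2"
    detail: str


def check_file(sha1: str = "", md5: str = "") -> Optional[Finding]:
    """Flag a file whose SHA-1 or MD5 matches a known Troj/Zbot-GKH sample."""
    if sha1.lower() in ZBOT_GKH_SHA1:
        return Finding("hash", f"sha1 {sha1.lower()} matches a Troj/Zbot-GKH sample")
    if md5.lower() in ZBOT_GKH_MD5:
        return Finding("hash", f"md5 {md5.lower()} matches a Troj/Zbot-GKH sample")
    return None


def check_run_value(key: str, name: str, data: str) -> Optional[Finding]:
    """Flag a Run value with a GUID name whose data points at <AppData>\\x\\y.exe."""
    if not RUN_KEY_RE.search(key):
        return None
    path = data.strip().strip('"')    # the page shows the path quoted
    if GUID_NAME_RE.match(name) and APPDATA_EXE_RE.search(path):
        return Finding("persistence", f"Run value {name} -> {path}")
    return None


def check_network(host: str = "", url: str = "") -> Optional[Finding]:
    """Flag DNS lookups of the C2 host or requests for its config URL."""
    if host.lower() in C2_HOSTS:
        return Finding("c2", f"DNS lookup of {host.lower()}")
    if url in C2_URLS:
        return Finding("c2", f"HTTP request to {url}")
    return None


def scan_events(events: list) -> list:
    """Run every check over a list of event dicts and return the findings in order."""
    findings = []
    for ev in events:
        kind = ev.get("type")
        if kind == "file":
            f = check_file(ev.get("sha1", ""), ev.get("md5", ""))
        elif kind == "registry":
            f = check_run_value(ev["key"], ev["name"], ev["data"])
        elif kind in ("dns", "http"):
            f = check_network(ev.get("host", ""), ev.get("url", ""))
        else:
            f = None
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample telemetry: page indicators interleaved with benign events.
SAMPLE_EVENTS = [
    {"type": "file", "sha1": "0549E55F0D16CE43739411F11EAC85E89FE37EC0"},
    {"type": "file", "md5": "664baa4ab19215e6bd5304ee8aa3845d"},
    {"type": "file", "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709"},   # empty file
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "{DEB5F4A1-4BF0-9C17-7B46-C95CA45E9D17}",
     "data": r'"c:\Documents and Settings\test user\Application Data\Zypyu\bozi.exe"'},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "OneDrive", "data": r'"C:\Users\test\AppData\Local\Microsoft\OneDrive\OneDrive.exe"'},
    {"type": "dns", "host": "treching.net"},
    {"type": "dns", "host": "www.google.com"},
    {"type": "http", "url": "http://treching.net/law/config.bin"},
]

if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(f"[{finding.kind}] {finding.detail}")
```

The www.google.com and www.google.bg requests listed above are deliberately not treated as indicators: they are connectivity checks that any host makes, and alerting on them would only generate noise. Hash matches identify these exact samples only; the Run-value and network checks are what carry over to repacked variants.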
