Troj/Zbot-GKI

Category: Viruses and Spyware
Protection available since: 26 Sep 2013 09:24:15 (GMT)
Type: Trojan
Last updated: 26 Sep 2013 09:24:15 (GMT)
Prevalence:


Troj/Zbot-GKI exhibits the following characteristics:

File Information

Size: 476K
SHA-1: 79f0c3e98452032c3a86710929b28917d4f2915f
MD5: 3475dde218707776e6ab6ced3ffd32ad
CRC-32: 43b87de2
File type: Windows executable
First seen: 2013-09-26

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Ynywc\soteas.exe
    Size: 476K
    SHA-1: 9afcb208a0aa3bc6b7d3d906c9ddc3d0ab0cf70f
    MD5: 6af7cc9a7c9cb3e52618fcaf201cacfd
    CRC-32: 47606f99
    File type: Windows executable
    First seen: 2013-09-26
  • c:\Documents and Settings\test user\Local Settings\Application Data\fyli.cyu
    Size: 477
    SHA-1: 440fdb5279da97a647be9e45f14a88e056eb6cac
    MD5: 3a7f5709c70f00609ea4f9759e2034de
    CRC-32: 497d49ad
    File type: Unspecified binary - probably data
    First seen: 2013-09-26
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Soteas
    "c:\Documents and Settings\test user\Application Data\Ynywc\soteas.exe"
  • HKCU\Software\Microsoft\Upfaimnu
    1ffgf41g
    zv□□X□□m□□y□□+□PJ□ 8□@v□
Processes Created
  • c:\Documents and Settings\test user\application data\ynywc\soteas.exe
IP Connections
