Mal/Qbot-N

Category: Viruses and Spyware
Protection available since: 10 Feb 2016 15:00:23 (GMT)
Type: Malicious behavior
Last Updated: 10 Oct 2016 06:42:29 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/Qbot-N include:

Example 1

File Information

Size
268K
SHA-1
001b3689c46684ad65755e0d18e9814a26887720
MD5
c5967561a8a9ec35049bafa5679dcc5a
CRC-32
a0333802
File type
Windows executable
First seen
2016-01-20

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Microsoft\Udrzild\udrzil.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Udrzild\udrzi.dll
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\hpxbgk
    ObjectName
    LocalSystem
  • HKLM\SYSTEM\CurrentControlSet\Services\hpxbgk\Security
    Security
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    zrzjr
    "c:\Documents and Settings\test user\Application Data\Microsoft\Udrzild\udrzil.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\microsoft\udrzild\udrzil.exe
  • c:\windows\explorer.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe

Example 2

File Information

Size
300K
SHA-1
001cb95acb7ede1d87b43191ac160d1f50121e9f
MD5
61d3f89b89ccbce4e1ccbf8d33dff6b5
CRC-32
83cb0952
File type
Windows executable
First seen
2015-08-19

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Microsoft\Udrzild\udrzil.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Udrzild\udrzi.dll
    Size
    79
    SHA-1
    3c5268ebc01c200660dedf80d76af6eaa135ab57
    MD5
    cb00976b8a8324bdd91fae3dc057617a
    CRC-32
    b2b9fa94
    File type
    Unspecified binary - probably data
    First seen
    2016-05-31
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    lypm
    "c:\Documents and Settings\test user\Application Data\Microsoft\Udrzild\udrzil.exe"
  • HKLM\SYSTEM\CurrentControlSet\Services\hpxbgk\Security
    Security
  • HKLM\SYSTEM\CurrentControlSet\Services\hpxbgk
    ObjectName
    LocalSystem
Processes Created
  • c:\Documents and Settings\test user\application data\microsoft\udrzild\udrzil.exe
  • c:\windows\explorer.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe

Example 3

File Information

Size
268K
SHA-1
002c868a26ead0ec51a44262c0ad45b9d3ae4c7d
MD5
021a24401ef554833bc952841a2663c5
CRC-32
c0984161
File type
Windows executable
First seen
2016-01-20

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Microsoft\Udrzild\udrzil.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Udrzild\udrzi.dll
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\hpxbgk
    ObjectName
    LocalSystem
  • HKLM\SYSTEM\CurrentControlSet\Services\hpxbgk\Security
    Security
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    vwirvl
    "c:\Documents and Settings\test user\Application Data\Microsoft\Udrzild\udrzil.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\microsoft\udrzild\udrzil.exe
  • c:\windows\explorer.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe