Troj/FakeAV-DZU

Category: Viruses and Spyware
Protection available since: 13 Jun 2011 21:44:38 (GMT)
Type: Trojan
Last Updated: 13 Jun 2011 21:44:38 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/FakeAV-DZU include:

Example 1

File Information

File type
application/x-ms-dos-executable

Example 2

File Information

Size
129K
SHA-1
ca0b802f41e37db28a3dbc27979533ff5681eec3
MD5
235a7e4d108ec2403e4f52f0ab7800d4
CRC-32
aaea400b
File type
application/x-ms-dos-executable
First seen
2011-06-13

Other vendor detection

Kaspersky
Trojan-Spy.Win32.Zbot.bqsy

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Qiokut\utycm.exe
    Size
    129K
    SHA-1
    06e2a6a06eaee4b31d65ac6ad459ab84894615c2
    MD5
    0ff368dcec10c08bf6d160e88ba33d15
    CRC-32
    d373dd8c
    File type
    application/x-ms-dos-executable
    First seen
    2011-06-13
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {89445BCE-E999-1DC9-1DAB-5CED565840C2}
    "c:\Documents and Settings\test user\Application Data\Qiokut\utycm.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Reozo
    Boymdok
    (binary value omitted)
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
Processes Created
  • c:\documents and settings\support\application data\qiokut\utycm.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://www.google.com/webhp
  • http://zonsolemonito.com/fur/chi.ps
DNS Requests
  • matchmechanip.com
  • www.google.com
  • zonsolemonito.com

Example 3

File Information

Size
129K
SHA-1
d2f2e540ff905d5307185502b62c77e0f7c8cea9
MD5
0d6d3f5f697026a9ff125325c7251f83
CRC-32
9c56d820
File type
application/x-ms-dos-executable
First seen
2011-06-13