Examples of Troj/FakeAV-DZU include:
Example 1
File Information
- File type: application/x-ms-dos-executable
Example 2
File Information
- Size: 129K
- SHA-1: ca0b802f41e37db28a3dbc27979533ff5681eec3
- MD5: 235a7e4d108ec2403e4f52f0ab7800d4
- CRC-32: aaea400b
- File type: application/x-ms-dos-executable
- First seen: 2011-06-13
Other vendor detection
- Kaspersky: Trojan-Spy.Win32.Zbot.bqsy
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Qiokut\utycm.exe
  - Size: 129K
  - SHA-1: 06e2a6a06eaee4b31d65ac6ad459ab84894615c2
  - MD5: 0ff368dcec10c08bf6d160e88ba33d15
  - CRC-32: d373dd8c
  - File type: application/x-ms-dos-executable
  - First seen: 2011-06-13
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - {89445BCE-E999-1DC9-1DAB-5CED565840C2}: "c:\Documents and Settings\test user\Application Data\Qiokut\utycm.exe"
- HKCU\Software\Microsoft\Internet Explorer\Privacy
  - CleanCookies: 0x00000000
- HKCU\Software\Microsoft\Reozo
  - Boymdok: a7 c3 d3 24 1f 7e 3b 25 e4 a2 5c 8b 57 99 07 7c 5f 99 63 2c 6b 56 3a 32 cf cc d4 9c e5 93 b0 6d a3 79 96 e9 8a 36 31 c6 66 de ca 9a 52 6b 78 78 1e 43 13 0b 5b 6c 9e 6e 08 f2 ce 23 70 22 dd 16 7a 8d 90 f0 54 0f f6 f0 9e 62 49 2c 4c 27 56 a5 c1 7e f7 21 28 80 9b 7e 61 b1 08 50 22 89 49 13 2f 9e c5 cb 83 07 54 f5 0c 02 cd b4 3d 09 fe 28 59 d3 a7 1b 21 d4 94 7f a5 42 82 75 51 bb aa 8c 7e f6 b6 a5 df e3 5e 0f f7 a3 71 58 13 3c 39 d8 c1 a9 a7 ef c9 07 99 d2 4c 3d a4 58 ad f1 20 03 1c ba 8a bc 35 90 5f cf d4 9e f2 76 d9 38 eb d8 18 b6 f6 54 a1 69 1d cc 22 8f 5b 16 d6 77 8f c3 41 8c 6d 9a 97 dd 60 00 87 51 7b b9 8f 83 c1 76 1a 5b 4e fe 32 e0 be 9b 2f ad 06 a5 24 70 6e 49 3e f8 98 23 16 fc a7 3d 79 10 b1 42 7e 3a 2f 9a 57 73 6f 66 06 94 ad a1 58 16 3d fe ed 78 a9 c2 [... 59010 intervening characters ...] 70 4c 38 c7 fd fa 9d 28 d5 7a 2d 09 61 ba c0 e5 3b a9 3f 46 60 f4 69 ae b4 8c c4 d0 27 bb 37 bf 78 68 58 bc 62 eb 49 9b c6 61 1a 0a 79 43 20 ba 9a 2d 4b 67 3a 75 e1 23 87 fa e8 f4 c2 51 28 c1
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1609: 0x00000000
Processes Created
- c:\documents and settings\support\application data\qiokut\utycm.exe
- c:\windows\system32\cmd.exe
HTTP Requests
- http://www.google.com/webhp
- http://zonsolemonito.com/fur/chi.ps
DNS Requests
- matchmechanip.com
- www.google.com
- zonsolemonito.com
Example 3
File Information
- Size: 129K
- SHA-1: d2f2e540ff905d5307185502b62c77e0f7c8cea9
- MD5: 0d6d3f5f697026a9ff125325c7251f83
- CRC-32: 9c56d820
- File type: application/x-ms-dos-executable
- First seen: 2011-06-13