Troj/Zbot-DJB

Category: Viruses and Spyware
Protection available since: 22 Dec 2012 17:22:36 (GMT)
Type: Trojan
Last Updated: 22 Dec 2012 17:22:36 (GMT)
Prevalence: Small Number of Reports


Troj/Zbot-DJB exhibits the following characteristics:

File Information

Size: 32K
SHA-1: 3d1f58b67cd3677a22fcf5c1ca94e0862c4765a6
MD5: 43f52ab8ceaccd03881cdf9210562586
CRC-32: e1748a56
File type: application/x-ms-dos-executable
First seen: 2012-12-22

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\ocsvthpj.exe
Dropped Files
  • C:\sample.txt
    Size: 5
    SHA-1: c9589c81355baab345cd121a76dcd743d65e131c
    MD5: 43fb2705d9766ea761f934981936503f
    CRC-32: 0a181565
    File type: A binary file with a very small filesize (too small to be malicious)
    First seen: 2012-08-08
Processes Created
  • c:\windows\system32\notepad.exe
  • c:\windows\system32\svchost.exe
IP Connections