Troj/Zbot-BBV

Category: Viruses and Spyware
Protection available since: 13 Oct 2011 19:31:38 (GMT)
Type: Trojan
Last updated: 13 Oct 2011 19:31:38 (GMT)
Prevalence:

Examples of Troj/Zbot-BBV include:

Example 1

File Information

Size: 84K
SHA-1: 0967125e155bff25eb4254c2f04ca977bffeb68d
MD5: 36c992a1463d43c944265c8de9b31423
CRC-32: bbc0fea3
File type: application/x-ms-dos-executable
First seen: 2011-10-13

Example 2

File Information

Size: 157K
SHA-1: 13abaf2ab0cf01f984c06fbf5e741777e15ec014
MD5: 14e6811a9738d95f3c2c7f0febd49cfb
CRC-32: 31f114dc
File type: application/x-ms-dos-executable
First seen: 2011-10-13

Example 3

File Information

Size: 157K
SHA-1: 3741a93ec25df74388584c183c652e1a98f53587
MD5: c8f245ffef5c86f5f0d3a977ad415a28
CRC-32: 149fb86a
File type: application/x-ms-dos-executable
First seen: 2011-10-13

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Qeweh\upudh.exe
    Size: 157K
    SHA-1: 13abaf2ab0cf01f984c06fbf5e741777e15ec014
    MD5: 14e6811a9738d95f3c2c7f0febd49cfb
    CRC-32: 31f114dc
    File type: application/x-ms-dos-executable
    First seen: 2011-10-13
Registry Keys Created
  • HKCU\Software\Microsoft\Oskuin
    Erulg
    e6 b7 ef b9 4b a4 5c 40 be 05 9f af e0 34 cb fe ea 5e 3a 9e fb d1 8f 2a 8f a2 15 4c 7b 7e 16 90 0f 3b 4c bb 70 82 44 ba 8b 12 1f a9 43 cb e5 15 93 0f 8b c6 2d 0f 74 fd 9d d4 4a b3 82 85 18 b6 3a 07 7e 59 f1 e0 45 fb fe b4 85 19 db 35 2f ee 02 a9 1d 83 d2 9d 61 34 bc 5d e8 ef 8e f8 aa c4 12 e6 35 90 0a 46 62 89 fd 0c e5 5d e1 30 d1 75 cb d8 28 89
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    upudh.exe
    "c:\Documents and Settings\test user\Application Data\Qeweh\upudh.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1A05
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1A03
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\qeweh\upudh.exe
  • c:\windows\system32\cmd.exe
DNS Requests
  • androidhost.net