Troj/Zbot-EGR

Category: Viruses and spyware
Protection available since: 19 Mar 2013 00:38:50 (GMT)
Type: Trojan
Last updated: 19 Mar 2013 00:38:50 (GMT)
Prevalence:


Examples of Troj/Zbot-EGR include:

Example 1

File Information
  Size: 271K
  SHA-1: 19c5805e8904ac9ecee881753d29d09035bead08
  MD5: 6408ee0eeda637f6dfb97f3b733599a4
  CRC-32: c1070e56
  File type: Windows executable
  First seen: 2013-03-11

Example 2

File Information
  Size: 271K
  SHA-1: bd9470a1e716593a56835995ae0e5cfd9990037f
  MD5: 990f1103e138da7dd6504a1fcfc19d6f
  CRC-32: 946f6cef
  File type: Windows executable
  First seen: 2013-03-11

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Uhqif\suke.exe
    Size: 271K
    SHA-1: 19c5805e8904ac9ecee881753d29d09035bead08
    MD5: 6408ee0eeda637f6dfb97f3b733599a4
    CRC-32: c1070e56
    File type: Windows executable
    First seen: 2013-03-11
  • c:\Documents and Settings\test user\Application Data\Zepo\ytvy.ybh
    Size: 477
    SHA-1: e0ba8f093385eaa3a18826432d0e6242f0c3c878
    MD5: 1c5bd7555b1649bce4ffc3559a6ada71
    CRC-32: 59e4e749
    File type: Unspecified binary - probably data
    First seen: 2013-03-11
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnonBadCertRecving
    0x00000000
  • HKCU\Software\Microsoft\Sipuo
    Myul
    (binary data; value not representable as text)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    suke.exe
    "c:\Documents and Settings\test user\Application Data\Uhqif\suke.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1A10
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1A10
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    d6 5b c5 5b 5a 1e ce 01
Processes Created
  • c:\Documents and Settings\test user\application data\uhqif\suke.exe
  • c:\windows\system32\cmd.exe
IP Connections
  • 92.53.127.209:443
