A forum for reverse engineering, OS internals and malware analysis 

Win32/Zeus (alias Zbot)

Forum for analysis and discussion about malware.

Trojan Zeus (alias ZBot)

 #3551  by nullptr
 Thu Nov 18, 2010 5:02 am
Playing with this sample with OllyDbg in Virtual PC XP Mode on Win7 x64 and received notification from the host machine:
C:\Applications\DebugView\Dbgview.exe
Win32/TrojanDownloader.Small.PAC trojan cleaned - quarantined
Event occurred on a file modified by the application: C:\Windows\winsxs\amd64_microsoft-windows-virtualpc ui-vmwindow_31bf3856ad364e35_7.1.7600.16393_none_c661bbf36eaa14f2\VMWindow.exe
File was definitely infected.
A nice escape :)

edit: Actually the alert came when I ran the sample outside the debugger. ie infected the VM.
Attachments
password: malware
(113.82 KiB) Downloaded 140 times
Last edited by EP_X0FF on Wed Nov 02, 2011 4:50 am, edited 2 times in total. Reason: title edited

Re: W32/Zbot

 #3552  by EP_X0FF
 Thu Nov 18, 2010 8:09 am
What is that? :)
0xBF28CD64

Re: W32/Zbot

 #3554  by nullptr
 Thu Nov 18, 2010 12:16 pm
;) unpacked with special guest # BOT NOT CRYPTED :lol:
Attachments
password: malware
(102.55 KiB) Downloaded 120 times

Re: W32/Zbot

 #3602  by nullptr
 Fri Nov 19, 2010 10:13 pm
I was, but not anymore when playing with malware lol

Re: W32/Zbot

 #4750  by PX5
 Wed Jan 26, 2011 7:53 pm
Lmfao!....nullptr, some lessons are best learned in a fashion not easily forgettable, for sure, dont feel like the lone ranger!

Ive found when using certain types of wireless via host and vm, this can also be a bad thing. :lol:
  • 1
  • 2
  • 3
  • 4
  • 5
  • 29
 Return to “Malware”