Thursday, May 28, 2015

zlob.sunporn

Type: trojan

Alias: win-dropper/zlob.427816, trojan.dnschanger

Description: Zlob.Sunporn is a variant of zlob family, disguised as a video codec that silently downloads other malwares on infected machine.

Directories

• C:\Program Files\SunPorn

Files

• C:\Program Files\SunPorn\unins000.exe
• C:\Program Files\SunPorn\unins000.dat
• viva-codec.v3.535.exe (md5:a39c7870c1ee52a4d50582...)

Registry Keys

• HKEY_CLASSES_ROOT\\SunPorn
• HKEY_CLASSES_ROOT\\SunPornwrrb325
• HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SunPorn
• HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SunPornwrrb325
• HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1_IS1