ZeroAccess botnet investigation and analysis
International Journal of Information Technology Pub Date : 2021-05-25 , DOI: 10.1007/s41870-021-00693-z
Ramesh Singh Rawat , Manoj Diwakar , Poonam Verma

ZeroAccess is a distributed peer-to-peer (P2P) botnet used by attackers for various monetary gains, including click fraud, bitcoin mining, pay-per-install and information theft. ZeroAccess infected tens of millions of computers. It creates a hidden file system for stolen credentials and employs rootkit techniques for covert communication. In this paper, we analyze a ZeroAccess malware binary to investigate the features and functionality of the bot. Through dynamic analysis, we extracted the list of IP addresses the bot communicates with and identified the ports and protocols it uses. In addition, we identified the countries of the IP addresses the bot communicates with, and we provide further insight into the features and functionality of the malware. Finally, we present future research directions.




Updated: 2021-05-25