Troj/Mdrop-FFD

Category: Viruses and Spyware
Protection available since: 02 Jul 2013 03:37:10 (GMT)
Type: Trojan
Last updated: 02 Jul 2013 03:37:10 (GMT)
Prevalence:

Troj/Mdrop-FFD exhibits the following characteristics:

File Information

Size
709K
SHA-1
977ca127f442ee507ca478915633abfbe8a6d963
MD5
6120cf9cc0d912bca46c73f81685e407
CRC-32
2cf38d8e
File type
Windows executable
First seen
2013-07-01

Runtime Analysis

Dropped Files
  • C:\WINDOWS\xk2.dll
    Size
    544K
    SHA-1
    9c179ec1e8995863c8ba0f09d3dee11bdfc225d6
    MD5
    bea545040b4a045dc62e438799a4bc24
    CRC-32
    c6ca946a
    File type
    Windows executable
    First seen
    2013-07-01
  • C:\WINDOWS\temp2.exe
    Size
    72K
    SHA-1
    01dafe061bb2965c5706767e9a118960e47cc2fb
    MD5
    877c0e1f0a07063163888de0589458b2
    CRC-32
    bfd720d5
    File type
    Windows executable
    First seen
    2013-07-01
  • C:\WINDOWS\skype32x.exe
    Size
    36K
    SHA-1
    028d1e499efbbece470ddce762dd8adb0e93fd1b
    MD5
    64336b7c855e114cc0f0c3b3d61b22de
    CRC-32
    5cf72aaa
    File type
    Windows executable
    First seen
    2013-07-01
Registry Keys Created
  • HKCR\CLSID\{E5D52B73-CF82-4D2D-A805-B7466CCFD06E}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\Gtray.ClsGtray
    (Default)
    Gtray.ClsGtray
  • HKCR\Interface\{C509897F-C94C-4A60-81AE-5F1EFE5CF949}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{C509897F-C94C-4A60-81AE-5F1EFE5CF949}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{C509897F-C94C-4A60-81AE-5F1EFE5CF949}
    (Default)
    ClsGtray
  • HKCR\CLSID\{E5D52B73-CF82-4D2D-A805-B7466CCFD06E}\TypeLib
    (Default)
    {48851D05-DBD4-492D-A301-6E3A8A4FF7F6}
  • HKCR\CLSID\{E5D52B73-CF82-4D2D-A805-B7466CCFD06E}
    (Default)
    Gtray.ClsGtray
  • HKCR\CLSID\{E5D52B73-CF82-4D2D-A805-B7466CCFD06E}\VERSION
    (Default)
    3.0
  • HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer
    Publish
    Version64x2
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    IxplorerStart
    C:\Program Files\Internet Explorer\iexplore.exe
  • HKCR\TypeLib\{48851D05-DBD4-492D-A301-6E3A8A4FF7F6}\3.0\FLAGS
    (Default)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
    {E5D52B73-CF82-4D2D-A805-B7466CCFD06E}
    1
  • HKCR\CLSID\{E5D52B73-CF82-4D2D-A805-B7466CCFD06E}\ProgID
    (Default)
    Gtray.ClsGtray
  • HKCR\Interface\{C509897F-C94C-4A60-81AE-5F1EFE5CF949}\TypeLib
    Version
    3.0
  • HKCR\Gtray.ClsGtray\Clsid
    (Default)
    {E5D52B73-CF82-4D2D-A805-B7466CCFD06E}
  • HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System
    EnableLUA
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5D52B73-CF82-4D2D-A805-B7466CCFD06E}
    (Default)
  • HKCR\TypeLib\{48851D05-DBD4-492D-A301-6E3A8A4FF7F6}\3.0\HELPDIR
    (Default)
    C:\WINDOWS
  • HKCR\TypeLib\{48851D05-DBD4-492D-A301-6E3A8A4FF7F6}\3.0
    (Default)
    Gtray
  • HKCR\TypeLib\{48851D05-DBD4-492D-A301-6E3A8A4FF7F6}\3.0\0\win32
    (Default)
    C:\WINDOWS\xk2.dll
Processes Created
  • c:\windows\skype32x.exe
  • c:\windows\system32\regsvr32.exe
  • c:\windows\temp2.exe
DNS Requests
  • portomk.web69.f1.k8.com.br
  • www.google.com.br
