Sus/Dropper-R

Category:	Suspicious Behavior and Files	Protection available since:	21 Sep 2007 11:33:21 (GMT)
Type:	Suspicious file	Last Updated:	08 Jul 2011 17:49:42 (GMT)

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Summary

Files detected as Sus/Dropper-R exhibit suspicious behaviour.

Detailed analysis

Example behaviours of Sus/Dropper-R follow:

Example 1

Runtime Analysis

Dropped Files

C:\microsoft.dll
C:\microsoft.exe

Processes Created

c:\program files\internet explorer\iexplore.exe
c:\windows\system32\regsvr32.exe

HTTP Requests

http://www.greekembassy.nl/press/modules/PostCalendar/pntemplates/metaglo/complaint.html

DNS Requests

www.greekembassy.nl

Example 2

Runtime Analysis

Dropped Files

C:\microsoft.exe
C:\microsoft.dll

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010090620100913
CacheOptions
0x0000000b
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010092120100922
CacheOptions
0x0000000b

Processes Created

c:\program files\internet explorer\iexplore.exe
c:\windows\system32\regsvr32.exe

HTTP Requests

http://empoweredyouthchurch.net/b2evolution/media/complaint.html

DNS Requests

empoweredyouthchurch.net

Example 3

File Information

Size: 5.7M
SHA-1: 48a6509ae8744ba84cf70537f8aae7af761649f9
MD5: 9bb8011de752d68870b7fe4a0798137c
CRC-32: a604425a
File type: application/x-ms-dos-executable
First seen: 2010-09-06

Runtime Analysis

Dropped Files

C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\Crying Damson.exe
C:\Documents and Settings\support\Local Settings\Temp\CRYING DAMSON.EXE
Size
5.0M
SHA-1
f592c6780ce3c14511695395f5f10084dc1344ca
MD5
e7602971885ce987f90ea4f6d195fff3
CRC-32
f310cf8b
File type
application/x-ms-dos-executable
First seen
2010-09-07
C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\iconv.dll
C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\zlib1.dll
C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\libxml2-2.dll
C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\sqlite3.dll
C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\libiconv-2.dll
C:\Documents and Settings\support\Local Settings\Temp\SERWER.EXE
Size
700K
SHA-1
bb1fd4750a7c12dc00a499880df94b128b9b275b
MD5
90803ea3feeda6c03d842b5513e87d4f
CRC-32
b86076d1
File type
application/x-ms-dos-executable
First seen
2010-09-07
C:\Documents and Settings\support\Start Menu\Programs\Startup\nssvc32.exe
C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\mysql.dll
C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\libxml2.dll
C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\lua5.1.dll
C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\libmysql.dll

Processes Created

c:\docume~1\support\locals~1\temp\crying damson.exe
c:\docume~1\support\locals~1\temp\serwer.exe
c:\windows\system32\dwwin.exe

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Sus/Dropper-R

Summary

Detailed analysis

Example 1

Runtime Analysis

Dropped Files

Processes Created

HTTP Requests

DNS Requests

Example 2

Runtime Analysis

Dropped Files

Registry Keys Created

Processes Created

HTTP Requests

DNS Requests

Example 3

File Information

Runtime Analysis

Dropped Files

Processes Created

Free Mac Anti-Virus

Popular topics