Troj/MDrop-FBV

Category: Viruses and Spyware Protection available since:22 May 2013 21:30:24 (GMT)
Type: Trojan Last Updated:22 May 2013 21:30:24 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/MDrop-FBV exhibits the following characteristics:

File Information

Size
413K
SHA-1
c030c0ef11e17a78905a6df271693638c5e527e7
MD5
a7b6d7d3753c25f8828f1260eff79b1a
CRC-32
228ba896
File type
Windows executable
First seen
2013-05-22

Runtime Analysis

Dropped Files
  • C:\bin\bestellung.pdf
    Size
    3
    SHA-1
    ce9f44bc3d348133b47226685a8f75bbf17e757b
    MD5
    437175ba4191210ee004e1d937494d09
    CRC-32
    0ef0db8c
    File type
    A ASCII/UTF-8 file with a very small filesize (too small to be malicious)
    First seen
    2011-03-23
Registry Keys Created
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    <□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□@□□□□□□□□□□□□□□0@□□W□□□□□□□□□□□□□□□□□□□□□□□□□□□□
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    <□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□@□□□□□□□□□□□□□□0@□□W□□□□□□□□□□□□□□□□□□□□□□□□□□□□
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\5C9ED9D1
    1819
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe
    Debugger
    logonw.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 c0 86 83 40 1e 57 ce 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 c0 86 83 40 1e 57 ce 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4
Processes Created
  • c:\docume~1\support\locals~1\temp\adobe.exe
HTTP Requests
  • http://www.google.com/
DNS Requests
  • eunojawbus.mrbasic.com
  • greli.net
  • jetaqua.com
  • ogusdibop.my03.com
  • twintrade.net
  • www.google.com
  • xoponsdif.sytes.net

download Try Sophos products for free
Download now