Examples of Troj/Mdrop-CVY include:
Example 1
File Information
- Size
- 267K
- SHA-1
- 6227edd37505ab74fe75c76b1de66a11379b81fc
- MD5
- 402716d6dd7849fd4cc1f162ee4c7b77
- CRC-32
- f0c54bfc
- File type
- application/x-ms-dos-executable
- First seen
- 2010-09-09
Other vendor detection
- Kaspersky
- Worm.Win32.VBNA.anxg
Runtime Analysis
Dropped Files
- F:/Passwords.lnk
- F:/Pictures.lnk
- F:/trkoy.exe
- F:/Documents.lnk
- F:/Video.lnk
- F:/trkoyx.exe
- c:\Documents and Settings\test user\sbpad.exe
- F:/Music.lnk
- c:\Documents and Settings\test user\trkoy.exe
- F:/autorun.inf
- F:/New Folder.lnk
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- trkoy
- c:\Documents and Settings\test user\trkoy.exe /l
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- ShowSuperHidden
- 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
- Administrative Tools
- c:\Documents and Settings\test user\Start Menu\Programs\Administrative Tools
Processes Created
- c:\documents and settings\support\impad.exe
- c:\documents and settings\support\trkoy.exe
- c:\documents and settings\support\uspad.exe
- c:\windows\system32\cmd.exe
- c:\windows\system32\svchost.exe
- c:\windows\system32\tasklist.exe
Example 2
File Information
- Size
- 43K
- SHA-1
- bb6e89c6a95b6f0fd6440e1b3b5b1abcc7af1217
- MD5
- 33ec9d5d5435e97a18ee8c21aa51a575
- CRC-32
- 137c4c91
- File type
- application/x-ms-dos-executable
- First seen
- 2010-08-26
Other vendor detection
- Avira
- TR/Drop.Agent.AX.6
- Kaspersky
- Trojan.Win32.Oficla.fl
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
- Size
- 20K
- SHA-1
- 3a4da4baee16425d333269464965f5fc2190a13c
- MD5
- 15ef9538102b2832835941947f4cbe88
- CRC-32
- 39f36063
- File type
- application/x-ms-dos-executable
- First seen
- 2010-08-24