Troj/Mdrop-CWS

Category: Viruses and Spyware
Protection available since: 02 Sep 2010 04:20:40 (GMT)
Type: Trojan
Last Updated: 02 Sep 2010 04:20:40 (GMT)
Prevalence: Small Number of Reports

Troj/Mdrop-CWS exhibits the following characteristics:

File Information

Size: 130K
SHA-1: 692aebee9149cf25b70da842456c16b3e5553085
MD5: 98c2327ab98096861171ae4f6846e662
CRC-32: dc57ada1
File type: application/x-ms-dos-executable
First seen: 2010-09-02

Other vendor detection

Avira: TR/Dropper.Gen2

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\~nsu.tmp\Au_.exe
  • c:\Documents and Settings\test user\Templates\ico5.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\grt.ico
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010090220100903
    CacheOptions
    0x0000000b
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010081620100823
    CacheOptions
    0x0000000b
Processes Created
  • c:\docume~1\support\locals~1\temp\undelfile.exe
  • c:\docume~1\support\locals~1\temp\~nsu.tmp\au_.exe
  • c:\windows\system32\wscript.exe
HTTP Requests
  • http://down.lzsys.net.cn/fox/ico5.htm
  • http://down.lzsys.net.cn/fox/ico6.htm
  • http://down.tian-kong.com/install/meng.html
DNS Requests
  • down.lzsys.net.cn
  • down.tian-kong.com
