Troj/Mdrop-CXG exhibits the following characteristics:
File Information
- Size: 1.1M
- SHA-1: 6e6db86ae3a90806817b85e7e3b081f49add4af8
- MD5: a5632592599a9239640d928464dee11d
- CRC-32: 8e315978
- File type: application/x-ms-dos-executable
- First seen: 2010-09-09
Runtime Analysis
Dropped Files
- C:\WINDOWS\system32\imm3232.dll
  - Size: 309K
  - SHA-1: 169a9463a4fc4c0dbcc149558c8532df69201928
  - MD5: 8da16046a5cb4012c5e001eb89c3cc6d
  - CRC-32: 73cc6949
  - File type: application/x-ms-dos-executable
  - First seen: 2010-09-09
- c:\Documents and Settings\test user\Application Data\02000000a6375e3f1003S.manifest
- c:\Documents and Settings\test user\Application Data\02000000a6375e3f1003C.manifest
- C:\WINDOWS\system32\2.tmp
  - Size: 1.1M
  - SHA-1: ab94af00357e37899dd1aefd631fac45debf660d
  - MD5: 43606f7ae4468a629be78d8a8f037503
  - CRC-32: b026005a
  - File type: application/x-ms-dos-executable
  - First seen: 2010-09-08
- C:\WINDOWS\system32\ils32.dll
  - Size: 204K
  - SHA-1: 30193b67636965c7f745b7b32ce915e7cff303d3
  - MD5: f1a408144089c03a25cb9928f0452ef2
  - CRC-32: 5b1be4ab
  - File type: application/x-ms-dos-executable
  - First seen: 2010-09-09
- c:\Documents and Settings\test user\Application Data\02000000a6375e3f1003O.manifest
  - Size: 138
  - SHA-1: 3594d7ecf85b55dc8ccfc6dadb170a2b5e61ccb9
  - MD5: 327ad7b3587a7dc036b3de42a546a05d
  - CRC-32: 41e96c06
  - File type: application/octet-stream
  - First seen: 2010-09-09
- C:\WINDOWS\system32\dgsetup32.dll
  - Size: 130K
  - SHA-1: f6290760db31ff40c638f1b59ebc0f9f61c8c834
  - MD5: 3b75f8cc6ecef17b084a4098bab6861e
  - CRC-32: 00e85797
  - File type: application/x-ms-dos-executable
  - First seen: 2010-09-09
- c:\Documents and Settings\test user\Local Settings\Temp\3.tmp
  - Size: 135K
  - SHA-1: bea5c8d19731d2d9263e2b6c46ef005b4efdf704
  - MD5: ab49eaf11f321fc52c4ad56cd8aa3ed2
  - CRC-32: 861dc6b2
  - File type: application/x-ms-dos-executable
  - First seen: 2010-09-08
- C:\WINDOWS\system32\dot3cfg32.dll
  - Size: 308K
  - SHA-1: 88561a86a27f646a012bdd2f44350dfa0dff4ac7
  - MD5: cea76005b9e2d59864fd23c46806d07e
  - CRC-32: 1b2abfce
  - File type: application/x-ms-dos-executable
  - First seen: 2010-09-08
- c:\Documents and Settings\test user\Application Data\02000000a6375e3f1003P.manifest
  - Size: 3.6K
  - SHA-1: 7943af4654a9d669b17e78cfa984667f2b94ffca
  - MD5: 5b021914e0e6504c78f57b2aaf21f867
  - CRC-32: 856b5986
  - File type: application/octet-stream
  - First seen: 2010-09-08
Registry Keys Created
- HKLM\SOFTWARE\Microsoft\Tracing\FWCFG
  - EnableFileTracing: 0x00000000
- HKEY_USERS\S-1-5-19_Classes\Software\Zghypcxhle\CLSID
  - (Default): {3233142c-9b4a-4ed8-8a77-20cc3fbe41ba}
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - C:\WINDOWS\explorer.exe: C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell
- HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main
  - XMLHTTP_UUID_Default: 4e 7a 61 71 e2 27 d6 49 99 5a c8 8e 1d 87 6d 59
- HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main
  - XMLHTTP_UUID_Default: 4e 7a 61 71 e2 27 d6 49 99 5a c8 8e 1d 87 6d 59
- HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main
  - XMLHTTP_UUID_Default: 4e 7a 61 71 e2 27 d6 49 99 5a c8 8e 1d 87 6d 59
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\601f769f1003
  - Startup: EventStartup
- HKCU\Software
  - 601f769f
- HKEY_USERS\.DEFAULT\Software\Zghypcxhle\CLSID
  - (Default): {3233142c-9b4a-4ed8-8a77-20cc3fbe41ba}
- HKEY_USERS\S-1-5-19\Software\Classes\Software\Zghypcxhle\CLSID
  - (Default): {3233142c-9b4a-4ed8-8a77-20cc3fbe41ba}
- HKCR\Zghypcxhle\CLSID
  - (Default): {3233142c-9b4a-4ed8-8a77-20cc3fbe41ba}
- HKCR\CLSID\{4E69A0FB-0A17-4F6F-BE46-9437A17D9820}\InprocServer32
  - ThreadingModel: Both
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
  - XMLHTTP_UUID_Default: 4e 7a 61 71 e2 27 d6 49 99 5a c8 8e 1d 87 6d 59
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
  - C:\WINDOWS\explorer.exe: C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell
- HKCU\Software\Zghypcxhle\CLSID
  - (Default): {3233142c-9b4a-4ed8-8a77-20cc3fbe41ba}
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
  - LoadAppInit_DLLs: 0x00000001
- HKCU\Software\Microsoft\Internet Explorer\Main
  - XMLHTTP_UUID_Default: 4e 7a 61 71 e2 27 d6 49 99 5a c8 8e 1d 87 6d 59
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
  - 601f769f: b0 91 34 a2 24 50 cb 01
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent
  - Active: 0x00000001
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh
  - LogSessionName: stdout
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
  - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL,C:\WINDOWS\system32\ils32.dll
Processes Created
- c:\docume~1\support\locals~1\temp\4.tmp
- c:\windows\system32\netsh.exe
HTTP Requests
- http://89.187.53.210/cookie/mJKV_1RRUbIdfOeQefUcPcPPYIcIORfaQdQeTE-6XBB_1WQQT-6GF5_1SW-tWQQR-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ_fTW-62BG_1Q-672V_1WQQR-6D85_1W-6N8J_1Q-6252_1EQYI-69LV_1-65GZ_1W-6N54_1YPP-6
- http://94.75.236.74/cdn/ppx144415070
- http://94.75.236.74/index/fs0907c385146306
- http://94.75.236.74/index/vf0907c815353422
IP Connections
- 89.187.53.210:80
- 94.75.236.74:80