Troj/Mdrop-DGS exhibits the following characteristics:
File Information
- Size: 201K
- SHA-1: 76c1970e7a42998cc8e6739abdb9a3c67513970b
- MD5: aed91d2ce72140056f2dfab44cb9baf1
- CRC-32: 403f3f10
- File type: application/x-ms-dos-executable
- First seen: 2011-02-23
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\486b5d8d-8ac4-472a-8912-2995beb539b3
  - Size: 388
  - SHA-1: 344bafeb56a876ef016a63d07c81de35f8711d97
  - MD5: 03fca1fcb99b3b0bcdd01ef37325910d
  - CRC-32: 7bec3a24
  - File type: application/octet-stream
  - First seen: 2011-02-23
- c:\Documents and Settings\test user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1454471165-1275210071-1003\f87e26db85ab04461d0f241563b72a42_26c19984-2a01-45b5-a7b3-a568af60c200
- c:\Documents and Settings\test user\Local Settings\Temp\upg2.tmp
  - Size: 203K
  - SHA-1: 07d56d72b48724098383ea020643a57c26d7aa58
  - MD5: 4ff90ea3d77eff35f803877ffbb8a4b7
  - CRC-32: 06d1e333
  - File type: application/x-ms-dos-executable
  - First seen: 2011-02-23
Modified Files
- %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
- %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
- %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
  - Changed the file contents
- %PROFILE%\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\Preferred
- %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
Processes Created
- c:\docume~1\support\locals~1\temp\upg2.tmp
HTTP Requests
- http://CSC3-2004-crl.verisign.com/CSC3-2004.crl
- http://crl.verisign.com/pca3.crl
- http://ics.hotbar.com/InstallUI/HBLiteIndirectUI01/171/index.htm
- http://img.secure-softwaremanager.com/uci/software/logo/openoffice.jpg
- http://img.secure-softwaremanager.com/uci/software/top.gif
- http://js.secure-softwaremanager.com/uci/software.js
- http://origin-ics.hotbar.com/IC/GPLHBLite39/13958/0/fde3527a-6a3f-4578-a79a-0f8a5ae7854f/OpenOfficeSetup.exe
- http://tattooyou.freelandmedia.com/downloads/bb/bb/aa.htm
- http://tattooyou.freelandmedia.com/downloads/dd/dd/dd.txt
- http://uci.secure-softwaremanager.com/generate/software/
DNS Requests
- config.hotbar.com
- crl.verisign.com
- csc3-2004-crl.verisign.com
- cts.hotbar.com
- ics.hotbar.com
- img.secure-softwaremanager.com
- js.secure-softwaremanager.com
- origin-ics.hotbar.com
- tattooyou.freelandmedia.com
- uci.secure-softwaremanager.com
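The hashes and hostnames above are the indicators a responder would actually hunt for. One caveat when turning them into a detection: the two VeriSign CRL URLs and the CryptnetUrlCache modifications are what Windows produces whenever it checks the revocation status of a signed binary, so they will appear on clean machines and should not be alerted on. The script below is an added example, not part of the Sophos analysis; it takes the remaining DNS hostnames and the dropper and upg2.tmp hashes from this page, runs them over a few constructed log lines in assumed BIND query-log and Squid access-log formats (not taken from the page), and keeps the CRL hosts as context rather than hits.

```python
"""Added example, not part of the Sophos analysis: match the indicators listed above
against constructed DNS and proxy log lines, and classify file hashes."""
import hashlib
import re
from typing import Iterable, List, Optional, Tuple

# Hashes from the analysis: the dropper itself and the dropped upg2.tmp.
KNOWN_HASHES = {
    "76c1970e7a42998cc8e6739abdb9a3c67513970b": "Troj/Mdrop-DGS dropper (SHA-1)",
    "aed91d2ce72140056f2dfab44cb9baf1": "Troj/Mdrop-DGS dropper (MD5)",
    "07d56d72b48724098383ea020643a57c26d7aa58": "dropped upg2.tmp (SHA-1)",
    "4ff90ea3d77eff35f803877ffbb8a4b7": "dropped upg2.tmp (MD5)",
}

# Hostnames from the DNS Requests section. The two VeriSign CRL hosts are kept apart:
# any Windows host validating an Authenticode signature fetches revocation lists from
# them, so matching on them would only produce false positives.
CRL_HOSTS = {"crl.verisign.com", "csc3-2004-crl.verisign.com"}
IOC_HOSTS = {
    "config.hotbar.com", "cts.hotbar.com", "ics.hotbar.com", "origin-ics.hotbar.com",
    "img.secure-softwaremanager.com", "js.secure-softwaremanager.com",
    "uci.secure-softwaremanager.com", "tattooyou.freelandmedia.com",
}

# Loose hostname pattern: label characters, at least one dot, alphabetic last label.
# IPv4 addresses and timestamps therefore never match.
HOST_RE = re.compile(r"\b[a-z0-9.-]+\.[a-z]{2,}\b")

# Constructed sample lines (assumed BIND query-log and Squid access-log formats).
# They are not from the analysis page; only the hosts and URLs in them are.
SAMPLE_LINES = [
    "23-Feb-2011 10:02:11.532 client 10.0.0.5#52314: query: ics.hotbar.com IN A + (10.0.0.2)",
    "23-Feb-2011 10:02:11.601 client 10.0.0.5#52315: query: crl.verisign.com IN A + (10.0.0.2)",
    "1298455332.118    245 10.0.0.5 TCP_MISS/200 18732 GET "
    "http://origin-ics.hotbar.com/IC/GPLHBLite39/13958/0/fde3527a-6a3f-4578-a79a-0f8a5ae7854f/OpenOfficeSetup.exe"
    " - DIRECT/10.0.0.9 application/octet-stream",
    "23-Feb-2011 10:02:13.004 client 10.0.0.7#52390: query: www.example.com IN A + (10.0.0.2)",
    "1298455333.990    120 10.0.0.5 TCP_MISS/200 4412 GET "
    "http://tattooyou.freelandmedia.com/downloads/dd/dd/dd.txt - DIRECT/10.0.0.9 text/plain",
]


def hosts_in(line: str) -> List[str]:
    """Return the distinct hostname-looking tokens in a log line, in order of appearance."""
    seen: List[str] = []
    for host in HOST_RE.findall(line.lower()):
        if host not in seen:
            seen.append(host)
    return seen


def scan_lines(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line_index, host) for every IOC host seen; CRL hosts are never reported."""
    hits: List[Tuple[int, str]] = []
    for idx, line in enumerate(lines):
        for host in hosts_in(line):
            if host in IOC_HOSTS:
                hits.append((idx, host))
    return hits


def crl_lookups(lines: Iterable[str]) -> int:
    """Count lines that touched the revocation-check hosts: context for the analyst, not an alert."""
    return sum(1 for line in lines if any(h in CRL_HOSTS for h in hosts_in(line)))


def classify_hex(digest: str) -> Optional[str]:
    """Look up a SHA-1 or MD5 hex digest (any case) against the page's hashes."""
    return KNOWN_HASHES.get(digest.strip().lower())


def classify_bytes(data: bytes) -> Optional[str]:
    """Hash file contents with both algorithms the page lists and return the first label found."""
    for algo in ("sha1", "md5"):
        label = classify_hex(hashlib.new(algo, data).hexdigest())
        if label:
            return label
    return None


if __name__ == "__main__":
    for idx, host in scan_lines(SAMPLE_LINES):
        print(f"line {idx}: IOC host {host}")
    print(f"{crl_lookups(SAMPLE_LINES)} line(s) hit VeriSign CRL hosts (not reported)")
    print(classify_hex("76C1970E7A42998CC8E6739ABDB9A3C67513970B"))
```

On the sample input the scan reports the ics.hotbar.com lookup and the two proxy fetches from origin-ics.hotbar.com and tattooyou.freelandmedia.com, while the crl.verisign.com lookup is only counted. The CRC-32 values are omitted on purpose: a 32-bit checksum is trivially collidable and is not a usable identifier for a file.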