Troj/Mdrop-DKE exhibits the following characteristics:
File Information
- Size: 36K
- SHA-1: 2c95044e032e095523abf45bb9818c6e83e19076
- MD5: 91b24ac413b0b868782eac1d191f1831
- CRC-32: 69806359
- File type: application/x-ms-dos-executable
- First seen: 2011-04-16
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Application Data\appMaindb\fxapimm.dll
  - Size: 84K
  - SHA-1: a9d539eedfd4fa689734db53a1bc1189c524e0a8
  - MD5: dfb044c38f73e69f0d387657678807a5
  - CRC-32: 0e084645
  - File type: application/x-ms-dos-executable
  - First seen: 2011-04-16
- c:\Documents and Settings\test user\Application Data\247468\pdmn2.exe
  - Size: 90K
  - SHA-1: c38251ec3abe1e164877568cc4fc0cecbf2e5a08
  - MD5: 4e0ece59bee8450cae4799f0422722b9
  - CRC-32: 5b44a5ca
  - File type: application/x-ms-dos-executable
  - First seen: 2011-04-16
- c:\Documents and Settings\test user\Application Data\247468\mscj2.exe
  - Size: 136K
  - SHA-1: 332227f2f97e6fe9e40bfbbcc91cd85ffab418ea
  - MD5: 12f708f3af9649bf0070cc3431c699f2
  - CRC-32: f7c55b86
  - File type: application/x-ms-dos-executable
  - First seen: 2011-03-04
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - fxapimm
  - rundll32.exe "c:\Documents and Settings\test user\Local Settings\Application Data\appMaindb\fxapimm.dll",rasHelpCtrl wmiUserRpl
- HKCU_Classes\CLSID\{860d17c0-d01f-4a71-8974-a75840747ad6}
  - AgereMainCmds
  - 20000OwDUzJaBgUWXICHp.hnuf7
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011041620110417
  - CacheLimit
  - 0x00002000
Processes Created
- c:\documents and settings\support\application data\247468\pdmn2.exe
- c:\windows\system32\rundll32.exe
HTTP Requests
- http://freeme2host.co.cc/images/b/255.gif
- http://freeme2host.co.cc/images/index4.php
- http://freeme2host.co.cc/images/pdmn/pdmn201104161714.jpg
DNS Requests