Troj/Mdrop-EML exhibits the following characteristics:
File Information
- Size: 2.0M
- SHA-1: 8a4cd0c7b014092e36ad710636944f652ad7c7b9
- MD5: 02a1cbb8b30f6819a1b4d5991897ba55
- CRC-32: 4012980e
- File type: application/x-ms-dos-executable
- First seen: 2012-09-11
Runtime Analysis
Dropped Files
- C:\Program Files\FlashPlayer11.02\Uninstall\uninstall.dat
  - Size: 88K
  - SHA-1: d412daa0aae0a589c707e9b9c9c6e73043b4760a
  - MD5: 0a98a0252520e816c3cd9f7883a71481
  - CRC-32: 10d5e039
  - File type: Unspecified binary - probably data
  - First seen: 2012-09-12
- C:\Program Files\FlashPlayer11.02\Uninstall\IRIMG2.JPG
- c:\Documents and Settings\test user\Application Data\973776.exe
  - Size: 7.0K
  - SHA-1: 169d76b7678f29ca5bcaaa15cc005c7e64c9c978
  - MD5: 79b56c709708bc9e0223a522ab06e106
  - CRC-32: 47ce1bf3
  - File type: Windows executable
  - First seen: 2012-09-12
- c:\Documents and Settings\test user\Application Data\RES.exe
  - Size: 1.5K
  - SHA-1: bde084ea60646dadabfed4eafe5bafceb4c11b99
  - MD5: f54b30f21b7b118bfeda2b1ed3482f84
  - CRC-32: 2ec53502
  - File type: Windows executable
  - First seen: 2012-08-21
- C:\WINDOWS\wmrss.exe
  - Size: 240K
  - SHA-1: 1df5b934905a4d0e0862e1069c4e3e94e6d6eb2a
  - MD5: 28ce5f2e3296eef862f2b24ba159a58b
  - CRC-32: c9981d80
  - File type: Windows executable
  - First seen: 2012-09-10
- c:\Documents and Settings\test user\Local Settings\Temp\FlashPlayer11.02 Setup Log.txt
  - Size: 4.9K
  - SHA-1: f50152215521933b505be92b6aeb64be747d497f
  - MD5: 4a3a8fe6ba2c69b73981548446961cc2
  - CRC-32: 29ec07d0
  - File type: Configuration Data File (generic)
  - First seen: 2012-09-12
- C:\Program Files\FlashPlayer11.02\uninstall.exe
  - Size: 1.3M
  - SHA-1: f094c2140ad7e11e9d1fb0ca485866a2c8860075
  - MD5: d2ea8141ca728ec537e818aa388d9f85
  - CRC-32: 8a3c6fdd
  - File type: Windows executable
  - First seen: 2012-01-25
- C:\Program Files\FlashPlayer11.02\lua5.1.dll
  - Size: 319K
  - SHA-1: 59c60529a739c337843b351c8058082afb3edc54
  - MD5: 98bf508c6c2087d0c53374c3af38e7a7
  - CRC-32: 195ae57f
  - File type: Windows executable
  - First seen: 2012-01-04
- C:\Program Files\FlashPlayer11.02\Uninstall\IRIMG1.JPG
  - Size: 2.4K
  - SHA-1: 85f624debcefd45fdfdf559ac2510a7d1501b412
  - MD5: 3220a6aefb4fc719cc8849f060859169
  - CRC-32: 3ece3c94
  - File type: JPEG Interchange Format
  - First seen: 2011-02-20
- C:\Program Files\FlashPlayer11.02\tm.exe
  - Size: 168K
  - SHA-1: 25259850cbbc7ad7b248dec7b5f93cf680beac1c
  - MD5: 024ee19a2b6a75b503e194367714f12c
  - CRC-32: ee8e61dc
  - File type: application/x-ms-dos-executable
  - First seen: 2012-09-08
- C:\Program Files\FlashPlayer11.02\Uninstall\uninstall.xml
  - Size: 6.9K
  - SHA-1: 597baf0ebfe5679d315c7c0ad622135614224d18
  - MD5: f1dff29d5f29ab65a94b57d1d946e9a6
  - CRC-32: cb75cdb8
  - File type: Extensible Markup Language (XML)
  - First seen: 2012-09-12
- c:\Documents and Settings\test user\Start Menu\Programs\FlashPlayer11.02\ FlashPlayer.lnk
  - Size: 1.6K
  - SHA-1: 14c983c09f493384097c72a528dc0b615d807d24
  - MD5: 8660cee6a350c1766ea21dc64f1f9e89
  - CRC-32: f11701f7
  - File type: Windows Shortcut file (.LNK)
  - First seen: 2012-09-12
Registry Keys Created
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashPlayer11.0211.02
  - DisplayIcon: "C:\Program Files\FlashPlayer11.02\uninstall.exe"
- HKLM\SOFTWARE\Microsoft\slayer616wasd
  - UID: {280084CC-76DC-4B25-8A89-37953E0F2388}
Processes Created
- c:\Documents and Settings\test user\application data\res.exe
- c:\docume~1\support\locals~1\temp\_ir_sf_temp_0\irsetup.exe
- c:\program files\flashplayer11.02\tm.exe
- c:\windows\microsoft.net\framework\v2.0.50727\cvtres.exe
- c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
- c:\windows\wmrss.exe
DNS Requests