Troj/Mdrop-EON

Category: Viruses and Spyware
Protection available since: 12 Oct 2012 01:53:04 (GMT)
Type: Trojan
Last Updated: 12 Oct 2012 01:53:04 (GMT)
Prevalence: Small Number of Reports

Troj/Mdrop-EON exhibits the following characteristics:

File Information

Size
3.5M
SHA-1
c482704b1c1bc56903b428530f8c2ba9d35540f2
MD5
4ffa25477df8d872629a000892508d57
CRC-32
d7d5f7a4
File type
Windows executable
First seen
2012-10-11

Other vendor detection

Kaspersky
not-a-virus:PSWTool.Win32.PasswordRecovery.af

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Msn\Msn\keeprun.ini
    Size
    425
    SHA-1
    b0c366c8144766f394b07458a2bc817739fa4a97
    MD5
    584ca6a8c8d155bf1e577722daba4302
    CRC-32
    5992925e
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\Documents and Settings\All Users\Msn\Msn\conf.reg
    Size
    771
    SHA-1
    82ce589151c9a6deac78123933bfbcbefae62403
    MD5
    91ed4d8dbb103f9acf7766596e3b67ca
    CRC-32
    fd124672
    File type
    Windows regedit file (.reg)
    First seen
    2012-10-11
  • C:\Documents and Settings\All Users\Msn\Msn\bmsn.klm
    Size
    80
    SHA-1
    64d388e27a8270f6732e590d7fee005d3b7e41e3
    MD5
    f213e1044ab3f0b1c3b72b0419fa261f
    CRC-32
    3530dea3
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\users\public\Public Document\SAM.bat
    Size
    1.2K
    SHA-1
    552fd3597d255f9d4151afe9a6a4bfb41ff43e23
    MD5
    13ac84f6aec9e53198168fe07d662ea9
    CRC-32
    ab0c8cc9
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\Documents and Settings\All Users\Msn\Msn\picture viewer.exe
    Size
    2.9M
    SHA-1
    d0000371dd89252605dc9cdce89cb23b7020674d
    MD5
    57c2ded922d5760c92bb16b012a3e3da
    CRC-32
    403b255e
    File type
    Windows executable
    First seen
    2012-05-04
  • C:\users\public\Public Document\image viewer.exe
    Size
    3.1M
    SHA-1
    fbc93d0390115d3033431b0504a954d8ce2af294
    MD5
    b6182c472df6211244f3a2372c98f1c5
    CRC-32
    cc87853a
    File type
    Windows executable
    First seen
    2012-02-24
  • C:\Documents and Settings\All Users\Msn\Msn\image viewer.exe
    Size
    3.1M
    SHA-1
    fbc93d0390115d3033431b0504a954d8ce2af294
    MD5
    b6182c472df6211244f3a2372c98f1c5
    CRC-32
    cc87853a
    File type
    Windows executable
    First seen
    2012-02-24
  • C:\Documents and Settings\All Users\Msn\Msn\dmsn.klm
    Size
    80
    SHA-1
    64d388e27a8270f6732e590d7fee005d3b7e41e3
    MD5
    f213e1044ab3f0b1c3b72b0419fa261f
    CRC-32
    3530dea3
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\Documents and Settings\All Users\Msn\Msn\statu.bat
    Size
    205
    SHA-1
    4b94d085b5d898d98468e02c80a83504ab8f3852
    MD5
    ce154a0297059829221a3733beb287a7
    CRC-32
    47e2ac2b
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\Documents and Settings\All Users\Msn\Msn\pic.gif
  • C:\Documents and Settings\All Users\Msn\Msn\viewer.bat
    Size
    1.3K
    SHA-1
    d9ccfc5da36e299a28a583a521a30f062516c0dd
    MD5
    e843d3ec78b2559a309b4d39d33e94db
    CRC-32
    fd46a44b
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\Documents and Settings\All Users\Msn\Msn\view.bat
    Size
    179
    SHA-1
    6cb899c3952738b648c7cae01b6d7d923c964156
    MD5
    57a65bfe1cd1ff95642a3e79ee765ab7
    CRC-32
    8a3c1220
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFBD6D.tmp
    Size
    16K
    SHA-1
    da01dc8b965402ecc416e976674681fcd8e20db6
    MD5
    0e8cf50e9bab2ef9865a00a876f4c0bf
    CRC-32
    76844679
    File type
    Microsoft OLE2 file format
    First seen
    2012-09-27
  • C:\users\public\Public Document\dmsn.klm
    Size
    80
    SHA-1
    64d388e27a8270f6732e590d7fee005d3b7e41e3
    MD5
    f213e1044ab3f0b1c3b72b0419fa261f
    CRC-32
    3530dea3
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\users\public\Public Document\keeprun.ini
    Size
    425
    SHA-1
    b0c366c8144766f394b07458a2bc817739fa4a97
    MD5
    584ca6a8c8d155bf1e577722daba4302
    CRC-32
    5992925e
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\users\public\Public Document\view.bat
    Size
    179
    SHA-1
    6cb899c3952738b648c7cae01b6d7d923c964156
    MD5
    57a65bfe1cd1ff95642a3e79ee765ab7
    CRC-32
    8a3c1220
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\users\public\Public Document\pic.bat
    Size
    55
    SHA-1
    1f05b856f4dfddedfa8a5c1b5c8ebdbe154cc76e
    MD5
    42e3eb39e92d674d474630e56af2d1cd
    CRC-32
    58a9b444
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\Documents and Settings\All Users\Msn\Msn\pic.bat
    Size
    55
    SHA-1
    1f05b856f4dfddedfa8a5c1b5c8ebdbe154cc76e
    MD5
    42e3eb39e92d674d474630e56af2d1cd
    CRC-32
    58a9b444
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\users\public\Public Document\statu.bat
    Size
    205
    SHA-1
    4b94d085b5d898d98468e02c80a83504ab8f3852
    MD5
    ce154a0297059829221a3733beb287a7
    CRC-32
    47e2ac2b
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\users\public\Public Document\conf.reg
    Size
    771
    SHA-1
    82ce589151c9a6deac78123933bfbcbefae62403
    MD5
    91ed4d8dbb103f9acf7766596e3b67ca
    CRC-32
    fd124672
    File type
    Windows regedit file (.reg)
    First seen
    2012-10-11
  • C:\users\public\Public Document\pic.gif
  • C:\Documents and Settings\All Users\Msn\Msn\picture.bat
    Size
    397
    SHA-1
    f77440d1e0ea71827f7ac020d234e804317cab9b
    MD5
    e945d54a11a6578df84e06a57afcb0ba
    CRC-32
    6697f93a
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\users\public\Public Document\viewer.bat
    Size
    1.3K
    SHA-1
    d9ccfc5da36e299a28a583a521a30f062516c0dd
    MD5
    e843d3ec78b2559a309b4d39d33e94db
    CRC-32
    fd46a44b
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\Documents and Settings\All Users\Msn\Msn\PIC_20121011_ _2355020 .jpg
    Size
    621
    SHA-1
    71549d5f4d5f87a466bbf64ca7e28a42ef19f17c
    MD5
    d317158b6d3a3bbc80f7936f92e403bf
    CRC-32
    9d83ba2d
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-09-27
  • c:\Documents and Settings\test user\Recent\pic.gif.lnk
    Size
    717
    SHA-1
    50e347ab0be2af3a187bd2e9a90220c5f7a081c7
    MD5
    d21dc3fa0c1a4bf1010f80f039a6bedd
    CRC-32
    0a9ab8c0
    File type
    Windows Shortcut file (.LNK)
    First seen
    2012-10-11
  • C:\users\public\Public Document\bmsn.klm
    Size
    80
    SHA-1
    64d388e27a8270f6732e590d7fee005d3b7e41e3
    MD5
    f213e1044ab3f0b1c3b72b0419fa261f
    CRC-32
    3530dea3
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\Documents and Settings\All Users\Msn\Msn\PIC_20121011_ _2355020 .jpeg
    Size
    552
    SHA-1
    4049e18b63ef9366dfdca2b6d21a95b17e10c850
    MD5
    018c76f717ce38df663f621515222ddf
    CRC-32
    db3f06c4
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2011-04-22
  • C:\users\public\Public Document\picture.bat
    Size
    397
    SHA-1
    f77440d1e0ea71827f7ac020d234e804317cab9b
    MD5
    e945d54a11a6578df84e06a57afcb0ba
    CRC-32
    6697f93a
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\users\public\Public Document\msnw.exe
    Size
    40K
    SHA-1
    3197711ff528b237c8735915efb4b4781f71e71e
    MD5
    6f506d7adfcc2288631ed2da37b0db04
    CRC-32
    4ba52f8b
    File type
    Windows executable
    First seen
    2012-07-12
  • C:\Documents and Settings\All Users\Msn\Msn\SAM.bat
    Size
    1.2K
    SHA-1
    552fd3597d255f9d4151afe9a6a4bfb41ff43e23
    MD5
    13ac84f6aec9e53198168fe07d662ea9
    CRC-32
    ab0c8cc9
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-10-11
  • C:\Documents and Settings\All Users\Msn\Msn\msnw.exe
    Size
    40K
    SHA-1
    3197711ff528b237c8735915efb4b4781f71e71e
    MD5
    6f506d7adfcc2288631ed2da37b0db04
    CRC-32
    4ba52f8b
    File type
    Windows executable
    First seen
    2012-07-12
  • C:\users\public\Public Document\picture viewer.exe
    Size
    2.9M
    SHA-1
    d0000371dd89252605dc9cdce89cb23b7020674d
    MD5
    57c2ded922d5760c92bb16b012a3e3da
    CRC-32
    403b255e
    File type
    Windows executable
    First seen
    2012-05-04
  • c:\Documents and Settings\test user\Recent\Public Document.lnk
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    stat
    c:\Docume~1\AllUse~1\Msn\Msn\statu.bat
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
    3
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012101120121012
    CacheRepair
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.gif
    MRUListEx
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    7
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012100120121008
    CacheRepair
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    stat2
    c:\Docume~1\AllUse~1\Msn\Msn\statu.bat
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    MRUListEx
    07 00 00 00 06 00 00 00 05 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
    MRUListEx
    03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
Processes Created
  • c:\documents and settings\all users\msn\msn\image viewer.exe
  • c:\documents and settings\all users\msn\msn\msnw.exe
  • c:\documents and settings\all users\msn\msn\picture viewer.exe
  • c:\windows\regedit.exe
  • c:\windows\system32\attrib.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ftp.exe
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe
  • c:\windows\system32\netsh.exe
  • c:\windows\system32\rundll32.exe
  • c:\windows\system32\sc.exe
  • c:\windows\system32\xcopy.exe
DNS Requests
  • ftp.freehostia.com
