Troj/Mdrop-ETR

Category: Viruses and Spyware
Protection available since: 20 Jan 2013 22:59:59 (GMT)
Type: Trojan
Last Updated: 20 Jan 2013 22:59:59 (GMT)
Prevalence: Small Number of Reports

Troj/Mdrop-ETR exhibits the following characteristics:

File Information

Size: 150K
SHA-1: 56ab660fdd0fde9537a07c8ff313de9cdec5e8ec
MD5: 991a758ed3378cd739e8bf0328475053
CRC-32: 9d0d61f0
File type: Windows executable
First seen: 2013-01-20

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\Piriform\uyrpengx.dll
    Size: 296K
    SHA-1: 41ba7272ab2acf5745945700301755e4ed2811df
    MD5: 3bed55584114ae905c8f66926174fe02
    CRC-32: 70c97df7
    File type: Windows executable
    First seen: 2013-01-20
Registry Keys Created
  • HKCU\Software\Piriform
    {89775F8E-69D8-D481-66A4-497EA2EDF109}
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Piriform
Processes Created
  • c:\windows\system32\rundll32.exe
