Troj/Mdrop-EVA

Category: Viruses and Spyware
Protection available since: 08 Feb 2013 23:44:50 (GMT)
Type: Trojan
Last Updated: 08 Feb 2013 23:44:50 (GMT)
Prevalence: Small Number of Reports


Troj/Mdrop-EVA exhibits the following characteristics:

File Information

Size: 89K
SHA-1: 884e6c645afb11e8040232d1b62f9a9cdb5b5238
MD5: 94a3d9a1da6b55508a42c98cf78342a2
CRC-32: 242d77ce
File type: application/x-ms-dos-executable
First seen: 2013-02-08

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\winlogonystem.exe
    Size: 40K
    SHA-1: 50634fb90c3a5c9c0c057623ebbf02dddd790757
    MD5: d10f6bd38fbcd2b1e951b9eafbf12ca9
    CRC-32: 34a030f2
    File type: Windows executable
    First seen: 2013-02-08
  • C:\WINDOWS\system\live.exe
    Size: 40K
    SHA-1: 50634fb90c3a5c9c0c057623ebbf02dddd790757
    MD5: d10f6bd38fbcd2b1e951b9eafbf12ca9
    CRC-32: 34a030f2
    File type: Windows executable
    First seen: 2013-02-08
  • C:\WINDOWS\system32\drivers\etc\hosts
    Size: 796
    SHA-1: f450797d76fec56906d5fbb9267beab3f2655541
    MD5: e147105a6071c0d9b90242b8685f8d10
    CRC-32: b550a965
    File type: Windows Codepage 1252
    First seen: 2012-08-28
Modified Files
  • %SYSTEM%\drivers\etc\hosts
    • Changed the file contents
    • Set the readonly, hidden and archive flags
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Security Center
    Value: UACDisableNotify
    Data: 0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
    Value: ScanWithAntiVirus
    Data: 0x00000001
  • HKCU\Software\WinRAR SFX
    Value: C%%DOCUME~1%support%LOCALS~1%Temp
    Data: C:\DOCUME~1\support\LOCALS~1\Temp
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    Value: ConsentPromptBehaviorAdmin
    Data: 0x00000000
Processes Created
  • c:\docume~1\support\locals~1\temp\winlogonystem.exe
HTTP Requests
  • http://geoiptool.com/data.php
  • http://noobster.info/images/thumb/Bulgaria/2601F769F.jpg
DNS Requests
  • geoiptool.com
  • noobster.info
