Troj/Mdrop-EWV

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 05 Mar 2013 04:06:26 (GMT)
Last Updated: 05 Mar 2013 04:06:26 (GMT)


Examples of Troj/Mdrop-EWV include:

Example 1

File Information

Size: 555K
SHA-1: 751713058dd570b02bef9bf57f6b725d38fc3220
MD5: 3affe31d2f69cfe8f477381ecc2a9485
CRC-32: 6e8c1d03
File type: Windows executable
First seen: 2013-03-04

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Tiluyd\mazeu.irt
    Size
    477
    SHA-1
    22597e2b0ee4cbeb74a477359751db67acc32899
    MD5
    de09e46dcbcfd9acc68e0ec21f2221db
    CRC-32
    19a897c0
    File type
    Unspecified binary - probably data
    First seen
    2013-03-04
  • c:\Documents and Settings\test user\Application Data\Kiux\vemy.exe
    Size
    173K
    SHA-1
    85bd47e39f9049e3d2d2d1457c2dc0e193244eef
    MD5
    a45360024f8a32f7e9b30ad41269556d
    CRC-32
    b9e1e08e
    File type
    Windows executable
    First seen
    2013-03-04
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {B5900658-B683-C128-79C7-9C7C8F41D583}
    "c:\Documents and Settings\test user\Application Data\Kiux\vemy.exe"
  • HKCU\Software\Microsoft\Orak
    Abxuzeav
    □□□ □□□□□□□□@□□□□□0□□P□□□E□□□□□□□□l□`□□p□□□g□□□□p□□p5□□□□ T□□□□□□□ □□□=□@□□pB□p□□□□□□□□□p□□□□ □□□□□@□□□□□`\□□□□ □□□g□□□□□□□0□□□□□□p□□□□□M□P□□□m□p□□□W□□1□P□□□□□ I□ □□□□□□□□□s□
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
Registry Keys Modified
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    50 9a cc d2 2d 19 ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\kiux\vemy.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://ordinationplan.com/pap/cfg.bin
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • ordinationplan.com
  • www.google.bg
  • www.google.com

Example 2

File Information

Size: 173K
SHA-1: 85bd47e39f9049e3d2d2d1457c2dc0e193244eef
MD5: a45360024f8a32f7e9b30ad41269556d
CRC-32: b9e1e08e
File type: Windows executable
First seen: 2013-03-04
