Troj/Mdrop-EXF exhibits the following characteristics:
File Information
- Size: 1.1M
- SHA-1: 6ff39276917d8cb7876b39bcdb58fcc0df94643d
- MD5: fc89424a2d33ea5af3f49b02e743773b
- CRC-32: da34ce2c
- File type: Windows executable
- First seen: 2013-03-03
Other vendor detection
- Kaspersky: Trojan-Downloader.Win32.Agent.gxtu
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\Acr433A.tmp
  - Size: 358
  - SHA-1: 22c70034fba2410c7c2d3a2715eb95f4fea553e5
  - MD5: 87cacb6bab6af6fb17d0478b45d8d396
  - CRC-32: 7b11edb2
  - File type: Adobe Portable Document Format (PDF)
  - First seen: 2013-03-04
- c:\Documents and Settings\test user\Local Settings\iexplore.exe
  - Size: 15K
  - SHA-1: 28904dba741e9d0208237a9b991cf19bae17e39e
  - MD5: 3de60420845a582b0e44081b1138a7e4
  - CRC-32: 6c609daa
  - File type: Windows executable
  - First seen: 2013-03-04
- C:\bin\INDEPENDENT COST ASSESSMENT OF THE SPACE LAUNCH SYSTEM, MULTI-PURPOSE CREW VEHICLE AND 21ST CENTURY GROUND SYSTEMS PROGRAMS.PDF
  - Size: 710K
  - SHA-1: e2331ffb92d59a1c0a3d57a703de1fba4fd2d455
  - MD5: e0aa074a50e9069b6c557600f9364ffe
  - CRC-32: d0f7ccfe
  - File type: Adobe Portable Document Format (PDF)
  - First seen: 2013-03-04
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - SysTray: c:\Documents and Settings\test user\Local Settings\iexplore.exe
Processes Created
- c:\program files\adobe\reader 8.0\reader\acrord32.exe
- c:\windows\system32\cmd.exe
HTTP Requests
- http://ohb-technology.brgh.de/news/media/info.html
DNS Requests