Troj/Mdrop-FGA

Category: Viruses and Spyware
Protection available since: 07 Aug 2013 08:37:16 (GMT)
Type: Trojan
Last Updated: 07 Aug 2013 08:37:16 (GMT)
Prevalence: Small Number of Reports


Troj/Mdrop-FGA exhibits the following characteristics:

File Information

Size: 136K
SHA-1: 0698f60de120c078a8ab87de63b4be277d2048c4
MD5: a5022e4d89e987d541c5e1673a96213f
CRC-32: 1e96b915
File type: Windows executable
First seen: 2013-08-06

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\fodonij.dat
  • c:\Documents and Settings\test user\Local Settings\Temp\fodonij.dat
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\jinodof.js
    Size: 3.2K
    SHA-1: df15d673800755985909116622d28172ae96b69e
    MD5: 3198bb52c1577d5c56c96937e71cd35f
    CRC-32: abd4b503
    File type: JavaScript
    First seen: 2013-08-06
  • c:\Documents and Settings\test user\Local Settings\Temp\jinodof.pad
    Size: 91M
    SHA-1: ee26ca1363f9616ebb95467aa84fcfe3a158816f
    MD5: 5b1cc8224e79a3c63aeaebb9823ae709
    CRC-32: cefc5b16
    File type: Unspecified binary - probably data
    First seen: 2013-08-06
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\jinodof.lnk
    Size: 806
    SHA-1: 5f1b5bab6def643a28bbc7bd98000b0ab3dd0485
    MD5: 9d7ef805c6ca69ebc96f15f150d8f7ca
    CRC-32: 00f3d758
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-08-06
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner = 0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500 = 0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609 = 0x00000000
Processes Created
  • c:\windows\system32\rundll32.exe
IP Connections
  • 64.191.122.10:80
