Troj/Mdrop-FKE

Category: Viruses and Spyware
Protection available since: 25 Sep 2013 19:56:07 (GMT)
Type: Trojan
Last Updated: 25 Sep 2013 19:56:07 (GMT)
Prevalence: Small Number of Reports


Troj/Mdrop-FKE exhibits the following characteristics:

File Information

Size: 829K
SHA-1: c99cbcf820c44cf8e000724a5344332ade1ddd68
MD5: 13438e1ad964c631ea614f67ee65c919
CRC-32: d35bcf76
File type: Windows executable
First seen: 2013-09-24

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\winhv.exe
Dropped Files
  • c:\Documents and Settings\test user\My Documents\MSDCSC\msdcsc.exe
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\HdAudio.exe
    Size: 10K
    SHA-1: fc084e71202ba4d24bf55d19919a617bc4d71b3f
    MD5: e855ed9879f99f2af7967c4e3a6fa5ad
    CRC-32: 48cc32be
    File type: Windows executable
    First seen: 2013-09-24
Modified Files
  • %WINDOWS%\Microsoft.NET\Framework\v2.0.50727
    • Set the hidden and system flags
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MicroUpdate
    c:\Documents and Settings\test user\My Documents\MSDCSC\msdcsc.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,c:\Documents and Settings\test user\My Documents\MSDCSC\msdcsc.exe
Processes Created
  • c:\Documents and Settings\test user\application data\microsoft\windows\hdaudio.exe
  • c:\Documents and Settings\test user\my documents\msdcsc\msdcsc.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\applaunch.exe
  • c:\windows\system32\attrib.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\notepad.exe
DNS Requests
  • carlosscott.zapto.org
