Troj/Mdrop-FQQ

Category: Viruses and Spyware
Protection available since: 19 Dec 2013 03:43:09 (GMT)
Type: Trojan
Last Updated: 19 Dec 2013 03:43:09 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Mdrop-FQQ include:

Example 1

File Information

File type
Windows executable

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\offecs.exe
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Crypt
    Description
  • HKLM\SYSTEM\CurrentControlSet\Services\Crypt\Security
    Security
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\offecs.exe
DNS Requests
  • qq304888987.3322.org

Example 2

File Information

File type
Windows executable

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\SoundMaxTS.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMaxTS
Processes Created
  • c:\windows\soundmaxts.exe
