Troj/Mdrop-FWD

Category: Viruses and Spyware
Type: Trojan
Protection available since: 13 Mar 2014 15:38:19 (GMT)
Last Updated: 13 Mar 2014 15:38:19 (GMT)
Prevalence: Small Number of Reports


Troj/Mdrop-FWD exhibits the following characteristics:

File Information

File type
application/x-ms-dos-executable

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\Deas\upsye.exe
  • c:\Documents and Settings\test user\Local Settings\Application Data\dyar.ozo
Registry Keys Created
  • HKCU\Software\WinRAR
    5F402A5057FEF09B07C9EFA03523D37E
    tr□Pe□
  • HKCU\Software\Microsoft\Osaxyweqgoak
    9432gbi
    $g□□□□ L□□□□□□□□□□
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Eradw
    "c:\Documents and Settings\test user\Local Settings\Temp\Exkiik\eradw.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\isapnp
    Tag
    0x00000004
  • HKLM\SYSTEM\CurrentControlSet\Services\ACPIEC
    Tag
    0x00000006
  • HKLM\SYSTEM\CurrentControlSet\Services\ACPI
    Tag
    0x00000002
  • HKLM\SYSTEM\CurrentControlSet\Services\PCI
    Tag
    0x00000003
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\deas\upsye.exe
  • c:\Documents and Settings\test user\local settings\temp\exkiik\eradw.exe
  • c:\docume~1\support\locals~1\temp\128984.exe
  • c:\docume~1\support\locals~1\temp\138921.exe
  • c:\docume~1\support\locals~1\temp\147875.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://62.76.190.140/p2p/1.exe
  • http://62.76.190.140/p2p/2.exe
  • http://62.76.190.140/p2p/3.exe
IP Connections
