Troj/Mdrop-FWT

Category: Viruses and Spyware
Type: Trojan
Protection available since: 22 Mar 2014 06:32:39 (GMT)
Last Updated: 22 Mar 2014 06:32:39 (GMT)
Prevalence: Small Number of Reports


Troj/Mdrop-FWT exhibits the following characteristics:

File Information

Size: 1.4M
SHA-1: bdfe8c3c1398bf4fcbb96c7e6356f12872c064f0
MD5: 635771b1133e1134ab4b4e2f3f7edbad
CRC-32: 212e977a
File type: Windows executable
First seen: 2014-03-21

Runtime Analysis

Dropped Files
  • C:\WINDOWS\Temp\ETYDWRZA\Comdlg32.ocx
  • C:\WINDOWS\Temp\ETYDWRZA\MSCOMCT2.OCX
  • C:\WINDOWS\Temp\ETYDWRZA\Mscomctl.ocx
  • C:\WINDOWS\Temp\ETYDWRZA\wLmYYv
    Size: 222K
    SHA-1: 4ba85d54c3b510c8ad113ffd170e2523ef792ca3
    MD5: fd91165ddb75594448eb9469a3fc795b
    CRC-32: c1db2f07
    File type: Unspecified binary - probably data
    First seen: 2014-03-22
  • C:\WINDOWS\Temp\ETYDWRZA\GNZOIBKC.exe
    Size: 1.2M
    SHA-1: cd0fc9654387cbf2cf4e560b90e62287ce465a25
    MD5: fbcabd356699162aed41631e18eed0b9
    CRC-32: 866894b4
    First seen: 2014-03-22
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7814548700CC26C522408210E6969AC01679A14A
    Blob
Processes Created
  • c:\windows\temp\etydwrza\gnzoibkc.exe
