Troj/Mdrop-FXF

Category: Viruses and Spyware
Type: Trojan
Protection available since: 31 Mar 2014 09:20:54 (GMT)
Last Updated: 31 Mar 2014 09:20:54 (GMT)
Prevalence: Small Number of Reports


Troj/Mdrop-FXF exhibits the following characteristics:

File Information

Size: 691K
SHA-1: 90a1070a4b04e8be727bca71fd95444298b60ea5
MD5: 83b88721c009324ecaa462268d33af8b
CRC-32: f8e4eba0
File type: Windows executable
First seen: 2014-03-31
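The three digests above identify the analysed sample. To check a suspect file against them an analyst needs all three computed in the same form the listing uses: lowercase hex, with the CRC-32 masked to 32 bits and zero-padded to eight digits (Python's zlib.crc32 otherwise yields a signed or short value on some versions). The following is an added example written for this page, not Sophos code; the input bytes it hashes when run stand-alone are constructed and are not the sample.

```python
import hashlib
import zlib

# Indicators copied from the File Information table above.
KNOWN = {
    "sha1": "90a1070a4b04e8be727bca71fd95444298b60ea5",
    "md5": "83b88721c009324ecaa462268d33af8b",
    "crc32": "f8e4eba0",
}


def digest_chunks(chunks):
    """Compute SHA-1, MD5 and CRC-32 incrementally over an iterable of byte blocks,
    so a large sample is never held in memory. zlib.crc32 takes the running value
    as its second argument, which is what makes chunked CRC-32 correct."""
    sha1, md5, crc = hashlib.sha1(), hashlib.md5(), 0
    for block in chunks:
        sha1.update(block)
        md5.update(block)
        crc = zlib.crc32(block, crc)
    return {
        "sha1": sha1.hexdigest(),
        "md5": md5.hexdigest(),
        # Mask to 32 bits (older Pythons return a signed int) and zero-pad to 8 hex digits.
        "crc32": f"{crc & 0xFFFFFFFF:08x}",
    }


def hashes_of(data: bytes) -> dict:
    """Digests of an in-memory byte string, in the listing's lowercase-hex form."""
    return digest_chunks([data])


def hashes_of_file(path, chunk_size=1 << 20):
    """Digests of a file on disk, streamed in 1 MiB blocks."""
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def match_indicators(digests, known=KNOWN):
    """Return (set of matching digest names, strong) for a set of computed digests.
    A SHA-1 or MD5 match identifies the same bytes for practical purposes; CRC-32 is a
    32-bit checksum, so a CRC-32-only match is a weak hint, not an identification."""
    matched = {name for name in known if digests.get(name) == known[name]}
    strong = bool(matched & {"sha1", "md5"})
    return matched, strong


if __name__ == "__main__":
    # Constructed input for a stand-alone run; a real check would call hashes_of_file().
    digests = hashes_of(b"constructed test bytes, not the sample")
    print(digests)
    print(match_indicators(digests))
```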

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Uqeq\oczuh.exe
  • c:\Documents and Settings\test user\Application Data\Ydyxat\ekuv.unv
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {9225C098-75C7-6D95-ED84-343899145B9F}
    "c:\Documents and Settings\test user\Application Data\Uqeq\oczuh.exe"
  • HKCU\Software\Microsoft\Ozpiv
    Ryfeovaw
    (binary data, non-printable in this listing)
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Identities
    Identity Login
    0x00098053
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    68 fe d8 fb 9c 4c cf 01
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\uqeq\oczuh.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://netatekstil.com/ksit/config.bin
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • netatekstil.com
  • www.google.bg
  • www.google.com
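The runtime indicators above can be hunted for on a suspect host from a `reg export HKCU` dump and a proxy or DNS log. The following Python is an added example written for this page, not Sophos code. It parses a constructed .reg fragment that mirrors the entries listed: it flags any Run value whose name is a GUID and whose data launches an executable from a subfolder of the user's Application Data (the persistence entry {9225C098-75C7-6D95-ED84-343899145B9F} pointing at ...\Uqeq\oczuh.exe), reports which Internet Explorer zones have URL action 1609 (display mixed content) set to 0, meaning mixed content is shown without a prompt, and matches URLs against the config.bin download. The registry text, the benign ctfmon.exe autorun and the zone 3 value are constructed for the example and were not captured from the sample.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the runtime analysis above.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
CONFIG_URL = "http://netatekstil.com/ksit/config.bin"

# Value name is a GUID and the data is an .exe under <user>\Application Data\<dir>\
# (Windows XP layout, as in the listing) or AppData\Roaming (Vista and later).
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
APPDATA_EXE_RE = re.compile(
    r"\\(?:Application Data|AppData\\Roaming)\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)

# Constructed .reg export fragment (not captured from the sample). The Run value and
# the 1609 settings reproduce the listing; ctfmon.exe is a benign autorun and zone 3
# keeps the default "prompt" value, both added to show they are not flagged.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"{9225C098-75C7-6D95-ED84-343899145B9F}"="c:\\Documents and Settings\\test user\\Application Data\\Uqeq\\oczuh.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1609"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1609"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1609"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1609"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1609"=dword:00000000
'''


def parse_reg_export(text):
    """Minimal reader for the .reg export format: returns (key, value_name, data) triples.
    String data has its \\ and \" escapes undone; dword:/hex: data is kept verbatim."""
    key, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key is not None and line.startswith(('"', "@")) and "=" in line:
            name, _, data = line.partition("=")
            name = "" if name == "@" else name.strip('"')
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            entries.append((key, name, data))
    return entries


def suspicious_run_entries(entries):
    """Run values named as a GUID that start an .exe from a per-user Application Data
    subfolder: the persistence pattern in the listing."""
    return [(name, data) for key, name, data in entries
            if key.lower() == RUN_KEY.lower()
            and GUID_RE.match(name) and APPDATA_EXE_RE.search(data)]


def mixed_content_zones(entries):
    """Zone numbers where URL action 1609 (display mixed content) is 0, i.e. enabled
    without the prompt; the listing shows zones 0, 1, 2 and 4 set this way."""
    zones = set()
    for key, name, data in entries:
        m = re.search(r"\\Internet Settings\\Zones\\(\d)$", key)
        if m and name == "1609" and data.lower() == "dword:00000000":
            zones.add(int(m.group(1)))
    return zones


def is_config_fetch(url):
    """True for the config.bin download seen in the sandbox. The google.com and
    google.bg /webhp requests in the listing are not treated as indicators on their own."""
    seen, known = urlparse(url), urlparse(CONFIG_URL)
    return (seen.hostname or "").lower() == known.hostname and seen.path == known.path


if __name__ == "__main__":
    entries = parse_reg_export(SAMPLE_REG)
    for name, data in suspicious_run_entries(entries):
        print(f"[!] Run value {name} -> {data}")
    print("zones showing mixed content without prompt:", sorted(mixed_content_zones(entries)))
    for url in (CONFIG_URL, "http://www.google.com/webhp"):
        print(("[!] " if is_config_fetch(url) else "    ") + url)
```

On a live host, replace SAMPLE_REG with the contents of a `reg export HKCU dump.reg` file and feed proxy URLs to is_config_fetch(); the Run-key check is written against the pattern rather than the exact random names (Uqeq, oczuh.exe), since those differ per infection.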
