Troj/Mdrop-GAV

Category: Viruses and Spyware
Type: Trojan
Protection available since: 04 Jun 2014 20:27:45 (GMT)
Last Updated: 04 Jun 2014 20:27:45 (GMT)
Prevalence: Small Number of Reports


Troj/Mdrop-GAV exhibits the following characteristics:

File Information

Size
211K
SHA-1
9fd4f30bfe5398da112aba5abaad9ef1fa071d77
MD5
c928d04c9617bac12725d909edcf72cb
CRC-32
33800e9c
File type
Windows executable
First seen
2014-06-04

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\My Documents\My Videos\Desktop.ini
Registry Keys Created
  • HKCU\Software\Win7zip
    Uuid
    (binary data, not rendered)
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
    Debugger
    jnmhzd.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    adminkey
    "C:\Program Files\Common Files\folder\ifbxqllff.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    My Video
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifbxqllff.exe
    DisableExceptionChainValidation
  • HKEY_USERS\S-1-5-20\Software\Classes\CLSID\{DFF92C51-6A07-954B-A372-7213085508DD}\140703D5\CW1
    1528
    (binary data, not rendered)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    adminkey
    "C:\Program Files\Common Files\folder\ifbxqllff.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\explorer.exe:*:Enabled
  • HKEY_USERS\S-1-5-20_Classes\CLSID\{DFF92C51-6A07-954B-A372-7213085508DD}\140703D5\CW1
    1528
    (binary data, not rendered)
Registry Keys Modified
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Startup
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    My Video
    c:\Documents and Settings\test user\My Documents\My Videos
Processes Created
  • c:\windows\explorer.exe
DNS Requests
  • gongotraa.com
  • microsoft.com
