Troj/Mdrop-FRB

Category: Viruses and Spyware
Protection available since: 23 Dec 2013 18:56:55 (GMT)
Type: Trojan
Last updated: 23 Dec 2013 18:56:55 (GMT)
Prevalence:


Examples of Troj/Mdrop-FRB include:

Example 1

File Information

Size
979K
SHA-1
9b3026eab7a37cbafd1503bf7ddc11ed3cb043a9
MD5
f38e0f944520cc1e65ec0656d91e3603
CRC-32
7f35aa47
File type
Windows executable
First seen
2013-12-23

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    javaa
    c:\Documents and Settings\test user\Local Settings\Temp\javaa\javaa.exe

Example 2

File Information

Size
2.8M
SHA-1
dd2f2804b8ec31e88c519fa01be0774297e9460d
MD5
7007a7b20922ce4f1ed0106d30979fe5
CRC-32
c6b976dc
File type
Windows executable
First seen
2013-12-23

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\window updates\window updates.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\secure\secure.exe
    Size
    586K
    SHA-1
    ebcb1b5fc090af7c64839b2d1bf1bfbfd92ffd15
    MD5
    ff2444210e7fa646b5ee1823219b3ba6
    CRC-32
    e9e373f5
    File type
    Windows executable
    First seen
    2013-12-23
  • c:\Documents and Settings\test user\Local Settings\Temp\Ajjee.exe
    Size
    979K
    SHA-1
    9b3026eab7a37cbafd1503bf7ddc11ed3cb043a9
    MD5
    f38e0f944520cc1e65ec0656d91e3603
    CRC-32
    7f35aa47
    File type
    Windows executable
    First seen
    2013-12-23
  • c:\Documents and Settings\test user\Local Settings\Temp\javaa\javaa.exe
    Size
    979K
    SHA-1
    9b3026eab7a37cbafd1503bf7ddc11ed3cb043a9
    MD5
    f38e0f944520cc1e65ec0656d91e3603
    CRC-32
    7f35aa47
    File type
    Windows executable
    First seen
    2013-12-23
  • c:\Documents and Settings\test user\Local Settings\Temp\aje.exe
    Size
    586K
    SHA-1
    ebcb1b5fc090af7c64839b2d1bf1bfbfd92ffd15
    MD5
    ff2444210e7fa646b5ee1823219b3ba6
    CRC-32
    e9e373f5
    File type
    Windows executable
    First seen
    2013-12-23
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\Ajjee.exe
    Size
    979K
    SHA-1
    9b3026eab7a37cbafd1503bf7ddc11ed3cb043a9
    MD5
    f38e0f944520cc1e65ec0656d91e3603
    CRC-32
    7f35aa47
    File type
    Windows executable
    First seen
    2013-12-23
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    secure
    c:\Documents and Settings\test user\Local Settings\Temp\secure\secure.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\aje.exe
  • c:\docume~1\support\locals~1\temp\ajjee.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://iccconsultant.all.co.uk/index.php
  • http://www.myip.ru/en-EN/index.php
DNS Requests
  • iccconsultant.all.co.uk
  • smtp.gmail.com
  • www.myip.ru

Example 3

File Information

Size
586K
SHA-1
ebcb1b5fc090af7c64839b2d1bf1bfbfd92ffd15
MD5
ff2444210e7fa646b5ee1823219b3ba6
CRC-32
e9e373f5
File type
Windows executable
First seen
2013-12-23

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    secure
    c:\Documents and Settings\test user\Local Settings\Temp\secure\secure.exe
Processes Created
  • c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
HTTP Requests
  • http://iccconsultant.all.co.uk/index.php
DNS Requests
  • iccconsultant.all.co.uk
