Mal/Mdrop-CL

Category: Viruses and Spyware
Protection available since: 09 Sep 2010 04:53:10 (GMT)
Type: Win32 worm
Last Updated: 09 Sep 2010 04:53:10 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/Mdrop-CL include:

Example 1

File Information

Size: 81K
SHA-1: 063d92c2fc76d6196568ceb8cad418cca5062064
MD5: 34a06321810ce5fc093cbcb50c65ea56
CRC-32: 356f1fee
File type: application/x-ms-dos-executable
First seen: 2010-09-10

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\Bifrost\server.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\addons.dat
    Size: 25K
    SHA-1: 3b9989b98363624194d602212674b890de1729ce
    MD5: 5d4b7a30c9d3989c8e961c974b89e49e
    CRC-32: c3133bd3
    File type: application/octet-stream
    First seen: 2010-09-10
Registry Keys Created
  • HKCU\Software\Bifrost
    plg1
  • HKLM\SOFTWARE\Bifrost
    nck
    ed 1f f6 2f a8 64 f4 5b 38 8f 8c 74 fa 93 5b 67
DNS Requests
  • sanfour25.no-ip.biz

Example 2

File Information

Size: 137K
SHA-1: 0706d720becb5abc6f9dd7cfa8d451a22bdc7ad2
MD5: e1e818285097648ff42e68150edcd2b3
CRC-32: b2f907c8
File type: application/x-ms-dos-executable
First seen: 2010-08-28

Example 3

File Information

Size: 136K
SHA-1: 0d84248208896e98cb861ec7288817ef6be2c578
MD5: 19fb339ac7c15a1cb0e2d29c14bdea04
CRC-32: d02ba831
File type: application/x-ms-dos-executable
First seen: 2010-09-07