Troj/Dloadr-DFH

Category: Viruses and Spyware
Protection available since: 09 Jan 2011 14:59:45 (GMT)
Type: Trojan
Last Updated: 09 Jan 2011 14:59:45 (GMT)
Prevalence: Small Number of Reports

Troj/Dloadr-DFH exhibits the following characteristics:

File Information

Size: 48K
SHA-1: c43cdc86efde79aee5a9ea1ad32abec620dd0201
MD5: 97297a8c1d72fd8ae1747ff831ce5742
CRC-32: cba5b63d
File type: application/x-ms-dos-executable
First seen: 2011-01-09

Other vendor detection

Avira: TR/VB.Downloader.Gen
Kaspersky: Trojan-Downloader.Win32.VB.aeco

Runtime Analysis

Dropped Files
  • C:\Program Files\Microsoft Office\mscorsvw32.exe
    Size: 128K
    SHA-1: d9781303e10f46c7c2f8a9b29eec0627626c7918
    MD5: 28a068f7029f82525c8b471266f0b3b3
    CRC-32: fea91976
    File type: application/x-ms-dos-executable
    First seen: 2011-01-09
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFF750.tmp
    Size: 16K
    SHA-1: 7d9cbdabeba0a2f6dbf0fb240679c5de0fd2c8dd
    MD5: 6e9abc9a900c537a8a7aa0b71c92c44a
    CRC-32: c9730bcd
    File type: application/octet-stream
    First seen: 2011-01-09
  • c:\Documents and Settings\test user\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\6c0866ed-1cd7-4aa9-83ee-1514889ffd53
    Size: 388
    SHA-1: ab07aa01adeaa05e55dcbbd991f72af28f59f7a0
    MD5: 4808ac1001d1eb133282ab98257602d1
    CRC-32: 3cd7c509
    File type: application/octet-stream
    First seen: 2011-01-09
  • C:\Program Files\Windows Mail\msoe32.dll
    Size: 383K
    SHA-1: 39295755b4bc9949a3cfc3a635c396b445fb225c
    MD5: 93a3a7991df3b0f9d530e9d2a1fbee04
    CRC-32: 6de87373
    File type: application/x-ms-dos-executable
    First seen: 2011-01-09
  • c:\Documents and Settings\test user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1454471165-1275210071-1003\e8c76afd3b86e53d6a4b975ffdd70b7a_26c19984-2a01-45b5-a7b3-a568af60c200
  • C:\Program Files\Microsoft Office\msncorelib.dll
    Size: 2.4K
    SHA-1: ef997e98fcb1e2889e9fe1c1f998de4457b009e9
    MD5: 15b6b312087ee8a69065332c78cc8e62
    CRC-32: f8bc4839
    File type: application/octet-stream
    First seen: 2011-01-09
Modified Files
  • %PROFILE%\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\Preferred
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Mscore
    C:\Program Files\Microsoft Office\mscorsvw32.exe
Processes Created
  • c:\program files\microsoft office\mscorsvw32.exe
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://www.arq-2019.com/china/netimao
  • http://www.arq-2019.com/china/relator
  • http://www.arq-2019.com/china/rev/enc
  • http://www.arq-2019.com/china/rev/icomw
DNS Requests
  • www.arq-2019.com