Troj/Mdrop-DUR exhibits the following characteristics:
Runtime Analysis
Dropped Files
- C:\WINDOWS\system32\ntusbw32.dll
- c:\Documents and Settings\test user\Local Settings\Temp\v31121.exe
- C:\WINDOWS\system32\inusbw32.dll
Registry Keys Created
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - WarnOnPostRedirect
    - 0x00000000
- HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main
  - Play_Animations
    - no
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - WarnOnPostRedirect
    - 0x00000000
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
  - intelusbs3
    - intelusb3
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\International
  - W2KLpk
    - 0x00000000
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
  - Error Dlg Displayed On Every Error
    - no
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ntusbw32
  - DllName
    - ntusbw32.dll
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\International\CpMRU
  - Enable
    - 0x00000001
- HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\International\CpMRU
  - Enable
    - 0x00000001
Registry Keys Modified
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  - Cache
    - C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 1805
    - 0x00000000
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  - Desktop
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 1A05
    - 0x00000000
Processes Created
- c:\windows\system32\cmd.exe
- c:\windows\system32\svchost.exe