Troj/Mdrop-EAA

Category: Viruses and Spyware
Protection available since: 13 Mar 2012 02:13:36 (GMT)
Type: Trojan
Last Updated: 13 Mar 2012 02:13:36 (GMT)
Prevalence: Small Number of Reports

Troj/Mdrop-EAA exhibits the following characteristics:

File Information

Size
595K
SHA-1
2c94276c8ca805ab3abc894fd6bdd1d9dcdd7f42
MD5
1d0ec0b98711856bd8a2b825e9203183
CRC-32
f6635b03
File type
application/x-ms-dos-executable
First seen
2012-03-07

Other vendor detection

Kaspersky
HEUR:Trojan.Win32.Generic

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Macromidia\alg.exe
Dropped Files
  • C:\WINDOWS\system32\drivers\hp3900.sys
    Size
    3.4K
    SHA-1
    3a29d710b8bb80499be5732dac67384bf81cb38e
    MD5
    4b21ee2809efffa3306b1c700f27f582
    CRC-32
    91d27c37
    File type
    application/x-ms-dos-executable
    First seen
    2012-03-07
  • C:\WINDOWS\system32\drivers\etc\kerneldump
  • C:\WINDOWS\system32\drivers\agroio.sys
    Size
    25K
    SHA-1
    626309058b98696d044ab003a16e9e3852d596d5
    MD5
    d7eb9ee5e345a75f240f75dd7fb18859
    CRC-32
    e0708470
    File type
    application/x-ms-dos-executable
    First seen
    2012-03-07
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\hp3900
    ImagePath
    system32\drivers\hp3900.sys
  • HKLM\SYSTEM\CurrentControlSet\Services\agroio
    DisplayName
    agroio
  • HKLM\SYSTEM\CurrentControlSet\Services\agroio\Security
    Security
    (binary security descriptor; the value is not legible in the page)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    AutoConfigURL
    http://202.76.56.58/help/Config.pac
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    alg
    c:\Documents and Settings\test user\Application Data\Macromidia\alg.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    3c 00 00 00 04 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 23 00 00 00 68 74 74 70 3a 2f 2f 32 30 32 2e 37 36 2e 35 36 2e 35 38 2f 68 65 6c 70 2f 43 6f 6e 66 69 67 2e 70 61 63 04 00 00 00 00 00 00 00 80 88 73 da f3 98 ca 01 01 00 00 00 ac 10 00 06 00 00 00 00 00 00 00 00
    (the 35-byte ASCII run 68 74 74 70 ... 70 61 63 in this value spells out the same auto-config URL, http://202.76.56.58/help/Config.pac, set in AutoConfigURL above)
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://www.kibovision.com.ar/language/en-GB/.../nosso/services.php
DNS Requests
  • www.kibovision.com.ar