Troj/Mdrop-EPP

Category: Viruses and Spyware
Protection available since: 23 Oct 2012 15:22:56 (GMT)
Type: Trojan
Last Updated: 23 Oct 2012 15:22:56 (GMT)
Prevalence: Small Number of Reports

Troj/Mdrop-EPP exhibits the following characteristics:

File Information

Size: 688K
SHA-1: 10d74aa2262b446e9adbabf60e13de3f18364cf7
MD5: d036246ba2c8872eccb8c7051d3b8be9
CRC-32: bbb9f402
File type: Windows executable
First seen: 2012-06-30

Other vendor detection

Avira: ADSPY/Adware.Gen
Kaspersky: HEUR:Trojan.Win32.Generic

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\Cerberus\jusched.exe
Dropped Files
  • C:\WINDOWS\system32\Cerberus\plugin.dat
    Size: 568K
    SHA-1: df7c8812726b35192f87ceb3f4c5f22318db2712
    MD5: 7cfbc9ef960c0483007c0a486b9242ca
    CRC-32: 12b0adf1
    File type: Unspecified binary - probably data
    First seen: 2010-12-07
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    jusched
    C:\WINDOWS\system32\Cerberus\jusched.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Java (TM) Platform SE Auto Updater 2.1
    C:\WINDOWS\system32\Cerberus\jusched.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    jusched
    C:\WINDOWS\system32\Cerberus\jusched.exe
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{88L0SPSM-T17H-30A4-K6HC-V62FTNQ3MMVK}
    StubPath
    C:\WINDOWS\system32\Cerberus\jusched.exe Restart
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Java (TM) Platform SE Auto Updater 2.1
    C:\WINDOWS\system32\Cerberus\jusched.exe
  • HKCU\Software\Cerberus
    HKCU
    KV2Qg7jWykJ0ce4TQ7iW6yX2iKH0x4Ytn1ZStCMNqKOee0jUnmE
DNS Requests
  • myhttp.selfip.net
  • optimus.sytes.net