Troj/Mdrop-FIM

Category: Viruses and Spyware
Protection available since: 28 Aug 2013 08:30:41 (GMT)
Type: Trojan
Last Updated: 28 Aug 2013 08:30:41 (GMT)
Prevalence: Small Number of Reports

Troj/Mdrop-FIM exhibits the following characteristics:

File Information

Size: 419K
SHA-1: 0b5f5d6fb4453505685538d8c319ccd9fe498a0c
MD5: c21b648294fea796c350df53abc3e80c
CRC-32: 099f25ba
File type: Windows executable
First seen: 2013-08-18

Other vendor detection

Avira: DR/Agent.DQ

Runtime Analysis

Modified Files
  • %SYSTEM%\d3d9caps.dat
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Svchost
    c:\Documents and Settings\test user\Application Data\861567501.exe
  • HKCU\Software\Microsoft\Direct3D\MostRecentApplication
    Name
    perl.exe
Processes Created
  • c:\Documents and Settings\test user\application data\861567501.exe
  • c:\docume~1\support\locals~1\temp\rarsfx0\nsi_memexec.exe
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
HTTP Requests
  • http://-\x16\x03\x01
  • http://81.17.28.154/b.exe
  • http://ipv4.icanhazip.com/
IP Connections
  • 128.31.0.39:9101
  • 171.25.193.9:80
  • 81.17.28.154:80
DNS Requests
  • ipv4.icanhazip.com