Troj/Mdrop-FIM

    Category: Viruses and SpywareProtection available since:28 Aug 2013 08:30:41 (GMT)
    Type: TrojanLast Updated:28 Aug 2013 08:30:41 (GMT)
    Prevalence: Small Number of Reports

    Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

    Troj/Mdrop-FIM exhibits the following characteristics:

    File Information

    Size
    419K
    SHA-1
    0b5f5d6fb4453505685538d8c319ccd9fe498a0c
    MD5
    c21b648294fea796c350df53abc3e80c
    CRC-32
    099f25ba
    File type
    Windows executable
    First seen
    2013-08-18

    Other vendor detection

    Avira
    DR/Agent.DQ

    Runtime Analysis

    Modified Files
    • %SYSTEM%\d3d9caps.dat
    Registry Keys Created
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      Microsoft Svchost
      c:\Documents and Settings\test user\Application Data\861567501.exe
    • HKCU\Software\Microsoft\Direct3D\MostRecentApplication
      Name
      perl.exe
    Processes Created
    • c:\Documents and Settings\test user\application data\861567501.exe
    • c:\docume~1\support\locals~1\temp\rarsfx0\nsi_memexec.exe
    • c:\program files\adobe\reader 8.0\reader\acrord32.exe
    HTTP Requests
    • http://-\x16\x03\x01
    • http://81.17.28.154/b.exe
    • http://ipv4.icanhazip.com/
    IP Connections
    • 128.31.0.39:9101
    • 171.25.193.9:80
    • 81.17.28.154:80
    DNS Requests
    • ipv4.icanhazip.com

    Download Sophos HomeDownload
    Sophos Home

    Free business-grade security for the home.

    Endpoint Protection