Troj/Mdrop-GHJ

Category: Viruses and Spyware
Protection available since: 15 Oct 2014 01:01:52 (GMT)
Type: Trojan
Last Updated: 15 Oct 2014 01:01:52 (GMT)
Prevalence: Small Number of Reports

Troj/Mdrop-GHJ exhibits the following characteristics:

File Information

Size: 4.9M
SHA-1: 3e7fd1357ae7debad0852a1517b46e9660c671cd
MD5: de6a6f791dfccb5d8e97173387db5920
CRC-32: edc2ad17
File type: Windows executable
First seen: 2014-04-14

Other vendor detection

Avira: TR/Rogue.11216988

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\1042\Up.exe
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\1042\GoogleUpdate.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ESETfix.exe
  • C:\WINDOWS\SetACL.exe
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\ehdrv\Parameters
    Flags
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    GoogleUpdate
    "c:\Documents and Settings\test user\Application Data\Microsoft\Windows\1042\GoogleUpdate.exe"
  • HKCU\Software\Adobe\Common
    INSTALL
    2014-10-14 19:25
  • HKCU\Software\Sysinternals\SDelete
    EulaAccepted
    0x00000001
Processes Created
  • c:\Documents and Settings\test user\application data\microsoft\windows\1042\googleupdate.exe
  • c:\docume~1\support\locals~1\temp\esetfix.exe
  • c:\windows\setacl.exe