Troj/Mdrop-HVO

Category: Viruses and Spyware
Protection available since: 20 Mar 2017 20:21:13 (GMT)
Type: Trojan
Last Updated: 20 Mar 2017 20:21:13 (GMT)
Prevalence: Small Number of Reports


Troj/Mdrop-HVO exhibits the following characteristics:

File Information

Size: 528K
SHA-1: fd22f020a51b8f45967a5ded78b94eb23ffcbd4a
MD5: d57cd33ea3ee4f8d4a8b9f95b86b11c3
CRC-32: 3822f8c1
File type: Windows executable
First seen: 2017-03-20

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\CF2254\460F75.exe
Dropped Files
  • c:\Documents and Settings\test user\My Documents\My Videos\Desktop.ini
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\win32.vbs
  • c:\Documents and Settings\test user\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\c1614488-8038-4563-8510-f6b9da376cce
    Size: 388
    SHA-1: b97aeaad927e9bd8ddf0d41290de9dffc5679cab
    MD5: 919a80dc31d553750ad2b3b066059477
    CRC-32: 36a7e298
    File type: Unspecified binary - probably data
    First seen: 2017-03-20
  • c:\Documents and Settings\test user\Application Data\win32.exe
    Size: 528K
    SHA-1: 1f79f2be4b62e2c8253be65ecbee93cf7de2762f
    MD5: d549f5b5202c30e9ba548d727472f37b
    CRC-32: d1999990
    File type: Windows executable
    First seen: 2017-03-20
  • c:\Documents and Settings\test user\Local Settings\Temp\nbot.exe
    Size: 198K
    SHA-1: c83d4c4c066f56769aa374875f41f7e318c951d4
    MD5: 9181376c9ae863d1b7b47e03cc4eab45
    CRC-32: 6ce2465f
    File type: Windows executable
    First seen: 2017-03-20
Modified Files
  • %PROFILE%\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1454471165-1275210071-1003\844641068f15df8c2e25fea3578f59c8_26c19984-2a01-45b5-a7b3-a568af60c200
  • %PROFILE%\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\Preferred
Registry Keys Created
  • HKCU\Software\Logitech, Inc.
    WindowLayout
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    My Video: c:\Documents and Settings\test user\My Documents\My Videos
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\nbot.exe
DNS Requests
  • paneltestghelp.xyz
