Troj/Mdrop-HYT

Category: Viruses and Spyware
Protection available since: 17 Jul 2017 21:32:25 (GMT)
Type: Trojan
Last Updated: 17 Jul 2017 21:32:25 (GMT)
Prevalence: Small Number of Reports


Troj/Mdrop-HYT exhibits the following characteristics:

File Information

Size
2.5M
SHA-1
cda34ef36436db44ea599bea632962e8401317b7
MD5
c1b4342cfba413c49ef8971e3d2a0920
CRC-32
bbba1049
File type
Windows executable
First seen
2017-07-17

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\appdata\local\4Adobe\4low\BReader.exe
  • c:\Documents and Settings\test user\appdata\local\4Adobe\4low\adbr01.exe
    Size
    2.4M
    SHA-1
    4948b2da6af112723a9d22dea89cc5807ba5ecb9
    MD5
    c1f38381ccd2fadaf9b60f6e04ded52b
    CRC-32
    7dc5f975
    File type
    Windows executable
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\003_20170717_065100.058
    Size
    1.3K
    SHA-1
    d846b49479504833703816109a729523754423fe
    MD5
    c11d442462ba23f6627b75940d72d95b
    CRC-32
    5952fdb9
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\Recent\892.jpg.lnk
    Size
    969
    SHA-1
    41863ae5fae869713ee1e7030d176272c4cbaad7
    MD5
    5355d5fb2b47b7707dddae280890f787
    CRC-32
    1d479d41
    File type
    Windows Shortcut file (.LNK)
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\adip2.klc
  • c:\Documents and Settings\test user\appdata\local\4Adobe\4low\Adobeta.exe
    Size
    174K
    SHA-1
    9c1ffcea5067ea4dc2c3b97cd4fdc1277d0450b9
    MD5
    fcf8ec7eef5050657d5a9225b85bfeca
    CRC-32
    2a96faa1
    File type
    Windows executable
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\003_20170717_065100.059
    Size
    1.4K
    SHA-1
    5ab5b0e5cb47ec1ae28a49f075b4b497093f099a
    MD5
    e3b82ba3f2d8064f349269c1bfe4935a
    CRC-32
    a1da3852
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\870.afr
    Size
    121
    SHA-1
    090ea35a2d47825a2cb76bbd0aa2b5b25dd33d77
    MD5
    8902902c7a3cb1ed89720141ca270a58
    CRC-32
    50b4f477
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\cdu03.bat
    Size
    1.8K
    SHA-1
    dcc7ffc9a8338df73ef6938a38f2420021d4737d
    MD5
    bd2ee334f3281378168c7611d25ff4d1
    CRC-32
    330906aa
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-17
  • C:\Documents and Settings\All Users\Application Data\TEMP\RAIDTest
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\112.112
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\Adob9.vbs
    Size
    213
    SHA-1
    73e1a390504d131471273b9d44226040402e4aa5
    MD5
    71b8aa8f2e9a1601a940aff6d0d29948
    CRC-32
    cd21e03f
    File type
    Visual Basic Script
    First seen
    2017-06-12
  • c:\Documents and Settings\test user\appdata\local\4Adobe\4low\launch.vbs
    Size
    213
    SHA-1
    1056f09061dd08cf94d9f1b5bd5f3580c450c90d
    MD5
    bd937ffe609cc26935c5fd8ca1a8dc7a
    CRC-32
    05deb0c4
    File type
    Visual Basic Script
    First seen
    2017-06-12
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\adbr02.exe
    Size
    2.5M
    SHA-1
    7c5f18d8ffc11a06b5af6e7018520dd11abc3222
    MD5
    922fd064504795c5135ac667ae2fc229
    CRC-32
    a131f6a4
    File type
    Windows executable
    First seen
    2017-07-16
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\BReader.exe
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\sun.afr
    Size
    118
    SHA-1
    fd4b5a8c1b43da08610a26f325d82d1284e9df6c
    MD5
    e6c034e514a6559e3af892edb5563888
    CRC-32
    0acb6734
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\Adobeta.exe
    Size
    174K
    SHA-1
    9c1ffcea5067ea4dc2c3b97cd4fdc1277d0450b9
    MD5
    fcf8ec7eef5050657d5a9225b85bfeca
    CRC-32
    2a96faa1
    File type
    Windows executable
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\appdata\local\4Adobe\4low\sun.afr
    Size
    118
    SHA-1
    fd4b5a8c1b43da08610a26f325d82d1284e9df6c
    MD5
    e6c034e514a6559e3af892edb5563888
    CRC-32
    0acb6734
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\appdata\local\4Adobe\4low\Adob9.vbs
    Size
    213
    SHA-1
    73e1a390504d131471273b9d44226040402e4aa5
    MD5
    71b8aa8f2e9a1601a940aff6d0d29948
    CRC-32
    cd21e03f
    File type
    Visual Basic Script
    First seen
    2017-06-12
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\adbr01.exe
    Size
    2.4M
    SHA-1
    4948b2da6af112723a9d22dea89cc5807ba5ecb9
    MD5
    c1f38381ccd2fadaf9b60f6e04ded52b
    CRC-32
    7dc5f975
    File type
    Windows executable
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\Recent\4low.lnk
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\abb1.bat
    Size
    151
    SHA-1
    216eb201039d57a43f6b43a040cc8b0865e48bf1
    MD5
    17da5e34fe4c956bc7e038aa6c76c556
    CRC-32
    c3d65d6a
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-11
  • c:\Documents and Settings\test user\appdata\local\4Adobe\4low\870.afr
    Size
    121
    SHA-1
    090ea35a2d47825a2cb76bbd0aa2b5b25dd33d77
    MD5
    8902902c7a3cb1ed89720141ca270a58
    CRC-32
    50b4f477
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\appdata\local\4Adobe\4low\adbr02.exe
    Size
    2.5M
    SHA-1
    7c5f18d8ffc11a06b5af6e7018520dd11abc3222
    MD5
    922fd064504795c5135ac667ae2fc229
    CRC-32
    a131f6a4
    File type
    Windows executable
    First seen
    2017-07-16
  • c:\Documents and Settings\test user\appdata\local\4Adobe\4low\abb1.bat
    Size
    151
    SHA-1
    216eb201039d57a43f6b43a040cc8b0865e48bf1
    MD5
    17da5e34fe4c956bc7e038aa6c76c556
    CRC-32
    c3d65d6a
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-11
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\ert02.bat
    Size
    713
    SHA-1
    76f0426f3d7316d0d2e64080a4b97e095b6a93ed
    MD5
    056a2eef53bd63c237e640902cd8cd67
    CRC-32
    9c376539
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\appdata\local\4Adobe\4low\ert02.bat
    Size
    713
    SHA-1
    76f0426f3d7316d0d2e64080a4b97e095b6a93ed
    MD5
    056a2eef53bd63c237e640902cd8cd67
    CRC-32
    9c376539
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\Local Settings\Temp\9F86B0A0.TMP
    Size
    130
    SHA-1
    32fc3389b9357fafa982838835b5fd24b74fb942
    MD5
    de902d6ae6feca36b135068418198d3b
    CRC-32
    81222d92
    File type
    Unspecified binary - probably data
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\appdata\local\4Adobe\4low\cdu03.bat
    Size
    1.8K
    SHA-1
    dcc7ffc9a8338df73ef6938a38f2420021d4737d
    MD5
    bd2ee334f3281378168c7611d25ff4d1
    CRC-32
    330906aa
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-17
  • c:\Documents and Settings\test user\Application Data\Adobe\Adobe INC\AadobeRead\launch.vbs
    Size
    213
    SHA-1
    1056f09061dd08cf94d9f1b5bd5f3580c450c90d
    MD5
    bd937ffe609cc26935c5fd8ca1a8dc7a
    CRC-32
    05deb0c4
    File type
    Visual Basic Script
    First seen
    2017-06-12
Registry Keys Created
  • HKCR\CLSID\{71E816AE-B6E7-34BA-0341-332B111F53E6}\ProgID
    (Default)
    MSVidCtl.MSVidXDS.1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    7
    (binary value, not rendered)
  • HKCR\CLSID\{71E816AE-B6E7-34BA-0341-332B111F53E6}\TypeLib
    (Default)
    {B0EDF154-910A-11D2-B632-00C04F79498E}
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017071720170718
    CacheRepair
    0x00000000
  • HKCU\Software\Licenses
    {ICAFDB58D0740813E}
    (binary value, not rendered)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    jhytv555
    c:\Documents and Settings\test user\Application Data\Adobe\Adobe Inc\AdobeRead\abb1.bat
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg
    MRUListEx
    (binary value, not rendered)
  • HKCR\CLSID\{71E816AE-B6E7-34BA-0341-332B111F53E6}\VersionIndependentProgID
    (Default)
    MSVidCtl.MSVidXDS
  • HKCR\CLSID\{71E816AE-B6E7-34BA-0341-332B111F53E6}\InprocServer32
    ThreadingModel
    Apartment
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
    3
    (binary value, not rendered)
  • HKCR\CLSID\{71E816AE-B6E7-34BA-0341-332B111F53E6}
    (Default)
    XDS Feature Segment
  • HKCU\Software\WinRAR SFX
    C%%Documents and Settings%support%appdata%local%4Adobe%4low
    c:\Documents and Settings\test user\appdata\local\4Adobe\4low
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    MRUListEx
    07 00 00 00 06 00 00 00 05 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
    MRUListEx
    03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
Processes Created
  • c:\Documents and Settings\test user\application data\adobe\adobe inc\aadoberead\adbr01.exe
  • c:\Documents and Settings\test user\application data\adobe\adobe inc\aadoberead\adbr02.exe
  • c:\Documents and Settings\test user\application data\adobe\adobe inc\aadoberead\adobeta.exe
  • c:\windows\system32\attrib.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ipconfig.exe
  • c:\windows\system32\netsh.exe
  • c:\windows\system32\reg.exe
  • c:\windows\system32\rundll32.exe
  • c:\windows\system32\wscript.exe
  • c:\windows\system32\xcopy.exe
DNS Requests
  • ftp.freehostia.com