Troj/Mdrop-ELD

Category: Viruses and Spyware
Protection available since: 15 August 2012 20:39:47 (GMT)
Type: Trojan
Last updated: 16 August 2012 11:28:52 (GMT)
Prevalence:

Examples of Troj/Mdrop-ELD include:

Example 1

File Information

Size: 966K
SHA-1: 502920a97e01c2d022ac401601a311818f336542
MD5: d214c717a357fe3a455610b197c390aa
CRC-32: 2468b2cc
File type: Windows executable
First seen: 2007-05-30

Other vendor detection

Kaspersky
HEUR:Trojan.Win32.Generic

Runtime Analysis

Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\TrkSvr\Security
    Security
  • HKLM\SYSTEM\CurrentControlSet\Services\TrkSvr\Enum
    NextInstance
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation
    DependOnGroup
  • HKLM\SYSTEM\CurrentControlSet\Services\TrkSvr
    Description
    Enables the Distributed Link Tracking Client service within the same domain to provide more reliable and efficient maintenance of links within the domain. If this service is disabled, any services that explicitly depend on it will fail to start.
Processes Created
  • c:\windows\system32\trksvr.exe

Example 2

File Information

Size: 966K
SHA-1: 7c0dc6a8f4d2d762a07a523f19b7acd2258f7ecc
MD5: b14299fd4d1cbfb4cc7486d978398214
CRC-32: 1357a484
File type: Windows executable
First seen: 2012-08-15

Other vendor detection

Kaspersky
HEUR:Trojan.Win32.Generic

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\trksvr.exe
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\TrkSvr\Enum
    NextInstance
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\TrkSvr\Security
    Security
  • HKLM\SYSTEM\CurrentControlSet\Services\TrkSvr
    Description
    Enables the Distributed Link Tracking Client service within the same domain to provide more reliable and efficient maintenance of links within the domain. If this service is disabled, any services that explicitly depend on it will fail to start.
  • HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation
    DependOnGroup
Processes Created
  • c:\windows\system32\trksvr.exe