Troj/Mdrop-CYW (file analysis)

Malware Removal

Troj/Mdrop-CYW is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Troj/Mdrop-CYW virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Troj/Mdrop-CYW?

File Info:

name: 51D7441ED1B0B9243B64.mlw
path: /opt/CAPEv2/storage/binaries/013e815e46d422162dc872ca4a7b48e143427096c4e89a81fee5f380888aaddb
crc32: 6029B9BA
md5: 51d7441ed1b0b9243b643322c675a40f
sha1: 016c4eac2e6afc5eb21e1af16a43bc8d0b1a5ce6
sha256: 013e815e46d422162dc872ca4a7b48e143427096c4e89a81fee5f380888aaddb
sha512: e95b129c2f059d462a05616ff59516e89ded2d2559ce028261357ea4026699d7bfad9f4662fc74d7002134db45aca8dd08cfd57c5f8954da1856bf8095422541
ssdeep: 24576:vFHjdLdT8cjtLdyHA2UkTnYBoaT7XihbcdHA2UkTnYBoaT7XihbcNEpQQJvKPzvl:vFHjdRYcjtRylmTlmIKPzvoS7V
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17775F11177D48039E5B60B35B9BDA76257BEFE302661D20B77C037871D72A828B61B32
sha3_384: 0788002aba6a390edd842b17771ba5ed25c466c1a0bac6c12924f6d6ce4e393bf8a36ddc3229543ad7075af75a6c6f44
ep_bytes: ff2580de400000005f436f724578654d
timestamp: 2010-04-29 18:20:28

Version Info:

Translation: 0x0000 0x04b0
Comments: Hijack This
CompanyName: Trend Micro Inc
FileDescription: Hijack This
FileVersion: 2.00.0.0
InternalName: Stub.exe
LegalCopyright: © 2007 Trend Micro Inc
LegalTrademarks: Hijack This
OriginalFilename: Stub.exe
ProductName: Hijack This
ProductVersion: 2.00.0.0
Assembly Version: 2.0.0.0

Troj/Mdrop-CYW also known as:

Lionic: Trojan.MSIL.Agent.b!c
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDropNET.18
MicroWorld-eScan: Gen:Heur.MSIL.Krypt.!cdmip!.2
FireEye: Generic.mg.51d7441ed1b0b924
ALYac: Gen:Heur.MSIL.Krypt.!cdmip!.2
Cylance: Unsafe
Zillya: Dropper.Agent.Win32.41508
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004bc18d1 )
Alibaba: VirTool:MSIL/Injector.4d4a91ba
K7GW: Trojan ( 004bc18d1 )
Cybereason: malicious.ed1b0b
BitDefenderTheta: Gen:NN.ZemsilF.34182.Nn3@amwi84
Cyren: W32/Risk.BEPB-6603
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.BBQ
Avast: Win32:DropperX-gen [Drp]
ClamAV: Win.Packed.Stubrc-9780686-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.MSIL.Krypt.!cdmip!.2
NANO-Antivirus: Trojan.Win32.Inject.dzttni
SUPERAntiSpyware: Trojan.Agent/Gen-FakeHijack
Tencent: Malware.Win32.Gencirc.116a4ee4
Emsisoft: Gen:Heur.MSIL.Krypt.!cdmip!.2 (B)
VIPRE: Trojan.Win32.Generic.pak!cobra
McAfee-GW-Edition: Artemis!Trojan
Sophos: Troj/Mdrop-CYW
Jiangmin: TrojanDropper.MSIL.cbo
Webroot: Worm:Win32/Rebhip.A
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.934DE8
Microsoft: Backdoor:Win32/Bladabindi!ml
GData: Gen:Heur.MSIL.Krypt.!cdmip!.2
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Keylogger.R3762
McAfee: Artemis!51D7441ED1B0
MAX: malware (ai score=100)
VBA32: TScope.Trojan.MSIL
APEX: Malicious
Yandex: Trojan.DR.MSIL!CoVhPQgvviA
SentinelOne: Static AI – Malicious PE
Fortinet: MSIL/Generic.DN.13F0B2!tr
AVG: Win32:DropperX-gen [Drp]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Troj/Mdrop-CYW?

Troj/Mdrop-CYW removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.