Systweak Spyware Library
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Trojan-Dropper.Rol Analysis Report
Threat Submitted On: 3/14/2008 6:14:26 PM
Threat Analysed On: 3/14/2008 11:14:26 PM
Threat Updated On: 1/28/2011 8:30:43 AM
Type : Trojan-Dropper
Symptoms of Rol
  • Drops malicious items onto the user’s system.
  • Upon execution, the files are extracted to a temporary folder and executed.
  • May also include harmless files to pose as a non-malicious program.
Information
Alias : Trojan-Dropper.Win32.Rol.a
Md5 Hash : [5cb5c82b42f690c4139457a881c0ed61]
File Size : (697616 bytes)

Technical Details

Here are the technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected files on the user's system
Note: Delete the following files to remove the infection.

File: ²¹¶¡3.exe
Path: %temp%
Md5Hash: f52f592f2c685e21b5d05b099ef6dd0e (17775 bytes)

File: éí·ýö¤éú³é.exe
Path: %temp%
Md5Hash: 346241fa3200cbd15881fc1eb47ddde8 (675328 bytes)

File: [randomname].exe
Path: %workingdir%
Md5Hash: 5cb5c82b42f690c4139457a881c0ed61 (697616 bytes)

Creates the following child process(es) on execution:

%systemdrive%\docume~1\antisp~1\locals~1\temp\Éí·ÝÖ¤Éú³É.exe

%systemdrive%\docume~1\antisp~1\locals~1\temp\²¹¶¡3.exe

net stop norton antivirus auto protect service

net stop mcshield

net stop windows firewall/internet connection sharing (ics)

net stop system restore service

%programfiles%\internet explorer\iexplore.exe

Creates the following mutex(es) on the user's system:
%$#&**(%$#))(*&^%@#

Copies the following files to the given location:

Copies: %windir%\system32\urlmon.dll
To: %windir%\system32\directx9.dll

NOTE:

1. %temp% refers to the Windows temp folder. By default it is 'C:\Documents and Settings\[user]\Local Settings\Temp'.
2. %workingdir% refers to the current directory in which the user is working.

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify only the malicious or suspicious subkeys.


To modify registry entries in the Windows operating system, follow these steps:
1. Click Start > Run.
2. Type “regedit” to open the Registry Editor.
3. Navigate to the required registry key in the left tree control and modify it accordingly.



© Systweak Inc., 1999-2011 All rights reserved.