1. /
  2. Security Response/
  3. Trojan.Mdropper.X

Trojan.Mdropper.X

Risk Level 1: Very Low

Discovered:
January 30, 2007
Updated:
January 30, 2007 9:50:08 PM
Infection Length:
144,112 bytes
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
CVE References:
CVE-2006-6456
When the Trojan is executed, it attempts to exploit the Microsoft Word Unspecified Code Execution Vulnerability (BID 21518) in order to create the following files:
  • C:\~.exe
  • C:\$
  • %Temp%\[VARIABLE NAME].exe
  • %Temp%\[VARIABLE NAME].doc - a clean Word document
  • %System%\[RANDOM NAME].exe


The dropped executables may be one of the following threats:
Backdoor.Trojan
Downloader
Backdoor.Pcclient.B (MCID 8260)
Backdoor.Ginwui.E (MCID 8890)
Writeup By: Elia Florio
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver