Tdrop

Description

(McAfee) TDrop is the third generation of HTTP Troy. TDrop uses one of two DLL files, payload32.dll and payload64.dll, and injects one, depending on operating system, into svchost.exe. Previous versions used bs.dll, which contained the code for communicating with the IRC botnet. TDrop has some further functionality not present in HTTP Troy that extends this Trojan’s ability to operate on 64-bit machines and to evade automated analysis systems and emulation technologies.

Names

Name
Tdrop

Type

Dropper

Information

https://www.mcafee.com/enterprise/en-us/assets/white-papers/wp-dissecting-operation-troy.pdf

Other Information

Uuid

9f2498e6-fd6d-477f-9ff0-b2af788ad7ed

Last Card Change

2020-04-20

Threat Intelligence Garden

Explorer

Tdrop

Tdrop

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks