On execution this trojan will download a second trojan file from:
• http://202.190[REMOVED]/gaga/2malware.html
It is saved as C:\malware.html and then later renamed and executed as C:\malware2.exe. The second trojan is also detected as Trojan-Downloader:W32/MyDrill.A.
It will then create a copy of itself in the Windows System directory, usually C:\Windows\System32.
It will then show the following message box:

It then creates an autostart registry entry for the downloaded Trojan in:
• HKLM\Software\Microsoft\Windows\Currentversion\Run
myDrill07_hi_analyst = %System%\malware2.exe
It also monitors the following active analyst tools and applications and shows a message box as an alert:
• Command Prompt
• Ethereal / WireShark
• Olly Debug
• Process Explorer
• Registry Editor
• RegShot
• Windows Task Manager
• WordPad
• ZoneAlarm
Example:

It then exits whenever one of these tools is detected as running.
The downloaded file has an additional anti-debugging check compared to the first trojan. When executed, it downloads a third trojan from:
• http://202.190[REMOVED]/gaga/3-malware.html
The download is saved as C:\malware.html and then later renamed and executed as C:\malware3.exe.
The third trojan is also detected as Trojan-Downloader:W32/MyDrill.A.
It then copies itself to the Windows System directory as malware3.exe, showing the same message box for notification.
An autostart entry in the registry is then created for itself as:
• HKLM\Software\Microsoft\Windows\Currentversion\Run
myDrill07_hi_analyst = %System%\malware3.exe
Like the first trojan, this file then monitors active analysis tools and exits if it detects any, also showing a similar message box as notification.
The third trojan then downloads a non-malicious file, done.html, from:
• http://202.190[REMOVED]/gaga/done.html
Similar to the first two trojans, with the exception of the additional anti-debugging routines, this file then creates an autostart registry entry:
• HKLM\Software\Microsoft\Windows\Currentversion\Run
myDrill07_hi_analyst = %System%\malware3.exe
It then actively monitors running analysis tools.
It then displays the message box:

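The following triage check is an added example, not part of the original description or of any vendor tooling. It scans the text output of `reg query` for the Run key and a list of file paths for the indicators named above; the function names and sample data are constructed for illustration, and matching on the target file name alone goes slightly beyond the value name the description gives.

```python
import ntpath
import re

# Indicators taken from the description above.
RUN_VALUE_NAME = "mydrill07_hi_analyst"
DROPPED_NAMES = {"malware2.exe", "malware3.exe"}
ROOT_ARTIFACTS = {r"c:\malware.html", r"c:\malware2.exe", r"c:\malware3.exe"}

# One value line of `reg query` output: name, type and data separated by 4 spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def scan_run_key(reg_query_output):
    """Return (value name, data, reason) for Run entries matching the indicators."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m["name"].strip(), m["data"].strip().strip('"')
        if name.lower() == RUN_VALUE_NAME:
            hits.append((name, data, "value name"))
        elif ntpath.basename(data).lower() in DROPPED_NAMES:
            hits.append((name, data, "target file name"))
    return hits

def scan_paths(paths):
    """Return the paths that match the download and rename locations on C:."""
    return [p for p in paths if p.lower() in ROOT_ARTIFACTS]

# Constructed sample data, not captured from an infected host.
SAMPLE_REG = "\n".join([
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe",
    r"    myDrill07_hi_analyst    REG_SZ    C:\Windows\System32\malware3.exe",
    r"    Updater    REG_SZ    C:\Windows\System32\malware2.exe",
])
SAMPLE_PATHS = [r"C:\malware.html", r"C:\Malware3.exe", r"C:\pagefile.sys"]

if __name__ == "__main__":
    for hit in scan_run_key(SAMPLE_REG):
        print("Run key:", hit)
    for path in scan_paths(SAMPLE_PATHS):
        print("File:", path)
```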