HPsus/FakeAV-C

Category: Suspicious behavior and suspicious files
Type: Suspicious behavior

Examples of HPsus/FakeAV-C include:

Example 1

File Information

File type
Windows executable

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\87750128\87750128.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    87750128
    C:\Documents and Settings\All Users\Application Data\87750128\87750128.exe
Processes Created
  • c:\windows\system32\cmd.exe

Example 2

File Information

Size
269K
SHA-1
804e6c0aa376655fb714975dfb44da52da4e489c
MD5
1dcff12a22df6c6ccfcafefdd052cec8
CRC-32
396c95b6
File type
Windows executable
First seen
2010-08-31

Other vendor detection

Avira
TR/Crypt.XPACK.Gen2
Kaspersky
Trojan.Win32.FraudPack.bhou

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\ftipixdvd\cotyojoshdw.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Download
    RunInvalidSignatures
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    bhacaenl
    c:\Documents and Settings\test user\Local Settings\Application Data\ftipixdvd\cotyojoshdw.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    bhacaenl
    c:\Documents and Settings\test user\Local Settings\Application Data\ftipixdvd\cotyojoshdw.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    .exe
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no

Example 3

File Information

Size
31K
SHA-1
a25ff05ab079fcef92165eeaa00ccede13436c9a
MD5
9e2027b7323daf7f209ebec9e8c13720
CRC-32
f7606350
File type
Windows executable
First seen
2012-09-11

Runtime Analysis

Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\find.exe
  • c:\windows\system32\reg.exe
