Troj/FakeAV-GPL

Category: Viruses and Spyware    Protection available since: 06 May 2013 22:52:29 (GMT)
Type: Trojan    Last updated: 17 May 2013 19:19:57 (GMT)
Prevalence:

Examples of Troj/FakeAV-GPL include:

Example 1

File Information

Size
849K
SHA-1
0003b346cb5dd08d9c11238c475d6f0dcda8c0b0
MD5
84a776d373f2e2faf69f2d70cf86ffcd
CRC-32
cf243a31
File type
Windows executable
First seen
2013-05-12

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\3.tmp
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
    Size
    849K
    SHA-1
    c9ff004bb3fdcfe918435901859a97a1c76d6497
    MD5
    f1f341ac67724214c96a3a95cce04b3d
    CRC-32
    28b8fb90
    File type
    Windows executable
    First seen
    2013-05-13
  • C:\Documents and Settings\All Users\Desktop\Internet Security 2013.lnk
    Size
    799
    SHA-1
    311aa84873531a25a94e0a98e5e27852eccbfd0d
    MD5
    ccf0b583cd6227cb51ac882db1073460
    CRC-32
    7f85e918
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-05-13
  • C:\Documents and Settings\All Users\Application Data\amsecure.exe
    Size
    852K
    SHA-1
    b9f3b78e32ee7671db30ee23535351e853ab85fe
    MD5
    e9df1032f6a475c926cda1e6d5df1afa
    CRC-32
    f0cf2796
    File type
    Windows executable
    First seen
    2013-05-13
Modified Files
  • C:\Documents and Settings\LocalService\Local Settings\History
    • Set the hidden and system flags
  • C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
    • Set the hidden and system flags
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers
    DefaultSpoolDirectory
    C:\WINDOWS\System32\spool\PRINTERS
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary value, not rendered)
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary value, not rendered)
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\LocalService\Local Settings\History
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\LocalService\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
Processes Created
  • c:\documents and settings\all users\application data\amsecure.exe
  • c:\windows\system32\spoolsv.exe
HTTP Requests
  • http://saggerboy.com/images/m.php
  • http://www.banglamasala.com/ccbill/m.php
DNS Requests
  • saggerboy.com
  • www.banglamasala.com

Example 2

File Information

Size
869K
SHA-1
0262ebb120ddfa538c6b0cae36db74067592f1df
MD5
3027db4f0feaf79cfdb330b2e30d7c36
CRC-32
02dee80f
File type
Windows executable
First seen
2013-05-06

Runtime Analysis

Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe

Example 3

File Information

Size
812K
SHA-1
04aa99c0341c4cc5c3f644926ddb76f8506b47c7
MD5
d4b52ab561640a3fd92fb9b5ec4f5417
CRC-32
b499ed26
File type
Windows executable
First seen
2013-05-05

Runtime Analysis

Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
