HPsus/FakeAV-J

Category: Suspicious Behavior and Files
Protection available since: 20 Oct 2011 20:25:40 (GMT)
Type: Suspicious file
Last Updated: 20 Oct 2011 20:25:40 (GMT)

Examples of HPsus/FakeAV-J include:

Example 1

File Information

Size
404K
SHA-1
33fb41550935cfa7f9c06adc7a5e12186e78d314
MD5
1e9e4da49b0246fa6e8f4f37487e4923
CRC-32
dba84b2a
File type
Windows executable
First seen
2011-06-17

Other vendor detection

Kaspersky
Trojan-Downloader.Win32.FraudLoad.ziwv

Runtime Analysis

Dropped Files
  • C:\sample
    Size
    192
    SHA-1
    e538ed10b48b5a5df6125826260e23e6944c221b
    MD5
    db9fd023e4992a214c3f71f2f30162aa
    CRC-32
    6ad01f1e
    File type
    Unspecified binary - probably data
    First seen
    2011-06-04
Processes Created
  • c:\windows\explorer.exe

Example 2

File Information

Size
209K
SHA-1
6dd9305a0b9ffbbb8600ceede74bd003ea48de7f
MD5
afd59a117b5f73766b1a5c756713861b
CRC-32
991e73f8
File type
Windows executable
First seen
2011-05-16

Other vendor detection

Kaspersky
Trojan.Win32.FakeAV.dafe

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\xeggzwz.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe
  • c:\windows\system32\taskkill.exe

Example 3

File Information

File type
Windows executable

Other vendor detection

Kaspersky
Trojan.Win32.FakeAV.dhhu

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\wjnme.exe
Dropped Files
  • c:\Documents and Settings\test user\Start Menu\Programs\Security Shield.lnk
Processes Created
  • c:\docume~1\support\locals~1\applic~1\wjnme.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe
  • c:\windows\system32\taskkill.exe
