Examples of Mal/FakeAV-Gen include:
Example 1
Other vendor detection
- Avira: TR/FraudPack.aisx.1
- Kaspersky: Trojan.Win32.FraudPack.aisx
Runtime Analysis
Copies Itself To
- C:\Program Files\InternetSecurity2010\IS2010.exe
Dropped Files
- c:\Documents and Settings\test user\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
  - Size: 774
  - SHA-1: 1bf054a6493d533aae37543c31a7b34e1c579ac0
  - MD5: 477852fa178e22994e6c2319071a1165
  - CRC-32: c4d69b1a
  - File type: application/octet-stream
  - First seen: 2010-10-26
- c:\Documents and Settings\test user\Desktop\Internet Security 2010.lnk
  - Size: 756
  - SHA-1: b84801a533e0c368ada1f6c562dd2de4e1cc43eb
  - MD5: 04c3d0fcf67133692a4fe0ce919fe626
  - CRC-32: ecd6cd31
  - File type: application/octet-stream
  - First seen: 2010-10-26
- c:\Documents and Settings\test user\Start Menu\Internet Security 2010.lnk
  - Size: 756
  - SHA-1: b9a7290f2d39555098446545ecfcbb50c799e13e
  - MD5: 570566dfe215bc0fe2b9d8db01175dba
  - CRC-32: 990be6f4
  - File type: application/octet-stream
  - First seen: 2010-10-26
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - Internet Security 2010: C:\Program Files\InternetSecurity2010\IS2010.exe
- HKCU\Software\IS2010
  - LastD: 26
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010102620101027
  - CacheOptions: 0x0000000b
Processes Created
- c:\program files\internetsecurity2010\is2010.exe
HTTP Requests
- http://buyinternet-security-2010.com/buy/
DNS Requests
- buyinternet-security-2010.com
Example 2
File Information
- Size: 895K
- SHA-1: 159e2d8abfbfe7f2e28d9214d51cf0b90da45905
- MD5: c4900cf7e792e35c45081f994110bfc2
- CRC-32: 467dc3dd
- File type: application/x-ms-dos-executable
- First seen: 2010-09-29
Example 3
Runtime Analysis
Dropped Files
Processes Created
- c:\windows\system32\cmd.exe