Mal/FakeAV-PY

Category: Viruses and Spyware Protection available since:28 Jan 2012 06:22:12 (GMT)
Type: Malicious behavior Last Updated:16 Feb 2012 18:49:34 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Mal/FakeAV-PY include:

Example 1

File Information

Size
319K
SHA-1
00b2d95cfb70663be41d6da4cd4fecda230e09dc
MD5
835086279cdcca952a7c93b3f8fce3ed
CRC-32
e8b7f52d
File type
application/x-ms-dos-executable
First seen
2012-01-29

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\qpiital.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe
  • c:\windows\system32\taskkill.exe

Example 2

File Information

Size
317K
SHA-1
010338290127087386b05557ccaadf1caa7c424e
MD5
8b48279e13fa6d4f3e7d360cf7d00003
CRC-32
e63f7612
File type
application/x-ms-dos-executable
First seen
2012-02-04

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\ousebzdqqe.exe
Processes Created
  • c:\docume~1\support\locals~1\applic~1\ousebzdqqe.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe
  • c:\windows\system32\taskkill.exe

Example 3

File Information

Size
315K
SHA-1
01cd1d138b602498244cb98922340c63a7cb4e81
MD5
8ad31dcf1efa3b61d349f185e4397308
CRC-32
3c0e7be8
File type
application/x-ms-dos-executable
First seen
2012-02-05

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\fupwaa.exe
Processes Created
  • c:\docume~1\support\locals~1\applic~1\fupwaa.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe
  • c:\windows\system32\taskkill.exe

download Try Sophos products for free
Download now