Troj/FakeAV-BRA exhibits the following characteristics:
File Information
- Size: 907K
- SHA-1: fc78b0432364391cbae476949b12d1682b1d46dd
- MD5: 3618f22a6060f344e40a0970b5e5f81f
- CRC-32: af278569
- File type: application/x-ms-dos-executable
- First seen: 2010-08-20
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Application Data\asectool.exe
Dropped Files
- c:\Documents and Settings\test user\Application Data\1tmp.bat
  - Size: 90
  - SHA-1: da3b854309718a896ae0c979e0dfd4ba9e252359
  - MD5: 9cf1c9a8cb6efbfd16aefbcf51633237
  - CRC-32: 9803bd95
  - File type: application/octet-stream
  - First seen: 2010-08-20
- c:\Documents and Settings\test user\Application Data\secmof.tmp
  - Size: 320
  - SHA-1: 30e22ac72d2415129ab83b77389ea0c32c5a1c4e
  - MD5: 7ce622c57f3c504e6a703a4841770bac
  - CRC-32: 20f9c657
  - File type: application/octet-stream
  - First seen: 2010-08-20
- c:\Documents and Settings\test user\Application Data\scan.dll
  - Size: 31K
  - SHA-1: a9a51e26fa593f0853f85acb0264e73c50ad988a
  - MD5: 251dfbb330974c25df4934489bbc9a05
  - CRC-32: e77b6a91
  - File type: application/x-ms-dos-executable
  - First seen: 2010-08-20
- c:\Documents and Settings\test user\Desktop\Advanced Security Tool 2010.LNK
  - Size: 1.8K
  - SHA-1: 8e95cab0176d343512e7ad9b3a4943b0efe7812f
  - MD5: 70043a6a6bcacb02287fc2b6fe3313e3
  - CRC-32: ca18fc45
  - File type: application/octet-stream
  - First seen: 2010-09-02
- c:\Documents and Settings\test user\Start Menu\Advanced Security Tool 2010.LNK
  - Size: 1.8K
  - SHA-1: 2d56bc057d4fc8f1e43dfe098a200938b573f807
  - MD5: fd54f004ed36ad4c751d9ad3e9d129b9
  - CRC-32: d147d13d
  - File type: application/octet-stream
  - First seen: 2010-09-02
Modified Files
- %PROFILE%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  - Changed the file contents
Registry Keys Created
- HKCR\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid
  - (Default): {00020420-0000-0000-C000-000000000046}
- HKCR\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}\ProgID
  - (Default): BrcWizApp.BrcWiz.1
- HKCR\BrcWizApp.BrcWiz.1
  - (Default): BrcWiz Class
- HKCR\BrcWizApp.BrcWiz.1\CLSID
  - (Default): {80c10400-59cb-4c79-97ce-cc693103afca}
- HKCR\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib
  - Version: 1.0
- HKCR\BrcWizApp.BrcWiz\CurVer
  - (Default): WinInetApp.BrcWiz.1
- HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
  - (Default): IBhoApp
- HKCR\BrcWizApp.BrcWiz\CLSID
  - (Default): {80c10400-59cb-4c79-97ce-cc693103afca}
- HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
  - (Default): {58B4E0F5-F122-4C02-B038-C482D998486A}
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  - Shell: "c:\Documents and Settings\test user\Application Data\asectool.exe" /sn
- HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
  - (Default): {00020424-0000-0000-C000-000000000046}
- HKCR\BrcWizApp.BrcWiz
  - (Default): BrcWiz Class
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80c10400-59cb-4c79-97ce-cc693103afca}
  - NoExplorer: 0x00000001
- HKCR\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}\InprocServer32
  - ThreadingModel: Apartment
- HKCR\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
  - (Default): _IBhoAppEvents
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - AdvSecTool: "c:\Documents and Settings\test user\Application Data\asectool.exe"
- HKCU\Software\Advanced Security
  - UpdateDate: 18-08-2010
- HKCR\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}\1.0\0\win32
  - (Default): c:\Documents and Settings\test user\Application Data\scan.dll
- HKCR\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}\1.0\FLAGS
  - (Default): 0
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\Security Center
  - AntiVirusDisableNotify: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  - LowRiskFileTypes: ".exe;"
Processes Created
- c:\windows\system32\cmd.exe
- c:\windows\system32\regsvr32.exe
- c:\windows\system32\rundll32.exe
- c:\windows\system32\wbem\mofcomp.exe
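The file and registry indicators listed above, turned into a hunting script. This is an added example, not part of the Sophos analysis: the hash values, dropped-file names and registry locations are copied from the listing, while the function names, the match/weak/clean verdicts and the way each registry value is judged are this example's own assumptions (a per-user Winlogon Shell value other than explorer.exe replaces the desktop shell at logon; a LowRiskFileTypes entry containing ".exe" suppresses the attachment-manager prompt for downloaded executables).

```python
"""Offline hunt for the Troj/FakeAV-BRA indicators in this analysis.
Added example, not part of the Sophos page: hashes, paths and registry
locations are copied from the listing above; function names, verdict
labels and how each registry value is judged are this example's own."""
import hashlib
import os
import sys
import zlib

# Digests copied from the listing: the sample, 1tmp.bat, secmof.tmp, scan.dll
# and the two "Advanced Security Tool 2010.LNK" shortcuts.
IOC_HASHES = {
    "md5": {"3618f22a6060f344e40a0970b5e5f81f", "9cf1c9a8cb6efbfd16aefbcf51633237",
            "7ce622c57f3c504e6a703a4841770bac", "251dfbb330974c25df4934489bbc9a05",
            "70043a6a6bcacb02287fc2b6fe3313e3", "fd54f004ed36ad4c751d9ad3e9d129b9"},
    "sha1": {"fc78b0432364391cbae476949b12d1682b1d46dd", "da3b854309718a896ae0c979e0dfd4ba9e252359",
             "30e22ac72d2415129ab83b77389ea0c32c5a1c4e", "a9a51e26fa593f0853f85acb0264e73c50ad988a",
             "8e95cab0176d343512e7ad9b3a4943b0efe7812f", "2d56bc057d4fc8f1e43dfe098a200938b573f807"},
    "crc32": {"af278569", "9803bd95", "20f9c657", "e77b6a91", "ca18fc45", "d147d13d"},
}

# Registry persistence from the listing: (hive, key, value name); a value name
# of None means the key's existence alone is the indicator.
REG_INDICATORS = [
    ("HKCU", r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run", "AdvSecTool"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\Associations", "LowRiskFileTypes"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
             r"\{80c10400-59cb-4c79-97ce-cc693103afca}", None),
    ("HKCU", r"Software\Advanced Security", None),
]


def digest_file(path):
    """Return (md5, sha1, crc32) as lowercase hex, streamed so file size does not matter."""
    md5, sha1, crc = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha1.update(chunk)
            crc = zlib.crc32(chunk, crc)
    return md5.hexdigest(), sha1.hexdigest(), f"{crc & 0xFFFFFFFF:08x}"


def classify(md5, sha1, crc32, iocs=IOC_HASHES):
    """'match' on an MD5 or SHA-1 hit; 'weak' when only the CRC-32 agrees
    (32 bits, trivially collidable, never evidence on its own); else 'clean'."""
    if md5 in iocs["md5"] or sha1 in iocs["sha1"]:
        return "match"
    return "weak" if crc32 in iocs["crc32"] else "clean"


def scan_tree(root, iocs=IOC_HASHES):
    """Hash every file under root; return {path: verdict} for the non-clean ones."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                verdict = classify(*digest_file(path), iocs)
            except OSError:  # unreadable, or gone between walk and open
                continue
            if verdict != "clean":
                findings[path] = verdict
    return findings


def evaluate_registry(observed):
    """Decide which indicators fire. `observed` maps each REG_INDICATORS entry to
    the value read, "" for key-exists checks, or None when absent. Kept apart
    from the Windows-only reader so the decision logic runs (and tests) anywhere."""
    hits = []
    for hive, key, name in REG_INDICATORS:
        value = observed.get((hive, key, name))
        if value is None:
            continue
        text = str(value).strip().lower()
        if name == "Shell" and text in ("", "explorer.exe"):
            continue  # per-user Shell is normally absent; only a replacement shell is a hit
        if name == "LowRiskFileTypes" and ".exe" not in text:
            continue  # ".exe;" mutes the attachment-manager prompt for downloaded .exe files
        hits.append((hive, key, name, value))
    return hits


def read_registry():
    """Windows only: read each indicator with winreg and build the `observed` map."""
    if sys.platform != "win32":
        return {}
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    observed = {}
    for hive, key, name in REG_INDICATORS:
        try:
            with winreg.OpenKey(hives[hive], key) as k:
                observed[(hive, key, name)] = "" if name is None else winreg.QueryValueEx(k, name)[0]
        except OSError:  # key or value absent
            observed[(hive, key, name)] = None
    return observed
```

Point scan_tree at the profile's Application Data, Desktop and Start Menu directories (where the listing places the dropped files) and feed read_registry's result to evaluate_registry; off Windows the registry reader returns an empty map and only the hash scan runs. On a 64-bit host a BHO registered by 32-bit regsvr32 lands under the Wow6432Node view of HKLM, so a 64-bit Python needs winreg.KEY_READ | winreg.KEY_WOW64_32KEY as the access argument to OpenKey to see it. The CRC-32 values are listed for completeness only; treat a lone CRC-32 collision as a prompt to pull the file, not as a detection.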
HTTP Requests
- http://fileautoupdate1.com/st1/index.php
DNS Requests