Examples of Troj/FakeAV-BSG include:
Example 1
File Information
- Size: 295K
- SHA-1: 1129025521f304fab8f3ce83faa6e0388c0691ad
- MD5: 1af3502095823e08bf945ebd6cbeab3a
- CRC-32: 397b8717
- File type: application/x-ms-dos-executable
- First seen: 2010-09-06
Other vendor detection
- Avira: TR/FakeAV.HG
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Local Settings\Application Data\fesfhwhtl\adrrjthtssd.exe
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
  - SaveZoneInformation: 0x00000001
- HKCU\Software\Microsoft\Internet Explorer\Download
  - RunInvalidSignatures: 0x00000001
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - vcunbvns: c:\Documents and Settings\test user\Local Settings\Application Data\fesfhwhtl\adrrjthtssd.exe
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  - vcunbvns: c:\Documents and Settings\test user\Local Settings\Application Data\fesfhwhtl\adrrjthtssd.exe
Registry Keys Modified
- HKCU\Software\Microsoft\Internet Explorer\Download
  - CheckExeSignatures: no
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  - LowRiskFileTypes: .exe
Processes Created
- c:\documents and settings\support\local settings\application data\fesfhwhtl\adrrjthtssd.exe
Example 2
File Information
- Size: 295K
- SHA-1: 51fab2a959e12343ce3b15bd2514a8a62d2406e0
- MD5: bf82e4e441e7a600f1dcb5edb1f68bff
- CRC-32: a95bb23e
- File type: application/x-ms-dos-executable
- First seen: 2010-08-20
Other vendor detection
- Avira: TR/FakeAV.HG
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Local Settings\Application Data\veafhoimo\alvppgqtssd.exe
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
  - SaveZoneInformation: 0x00000001
- HKCU\Software\Microsoft\Internet Explorer\Download
  - RunInvalidSignatures: 0x00000001
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - cibkltjo: c:\Documents and Settings\test user\Local Settings\Application Data\veafhoimo\alvppgqtssd.exe
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  - cibkltjo: c:\Documents and Settings\test user\Local Settings\Application Data\veafhoimo\alvppgqtssd.exe
Registry Keys Modified
- HKCU\Software\Microsoft\Internet Explorer\Download
  - CheckExeSignatures: no
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  - LowRiskFileTypes: .exe
Example 3
File Information
- Size: 295K
- SHA-1: 7a3fde7427070469674dd0b123f65287055b7df6
- MD5: d6e381755f5e4dfcaf61af6520e607ca
- CRC-32: 098e71ec
- File type: application/x-ms-dos-executable
- First seen: 2010-09-06
Other vendor detection
- Avira: TR/FakeAV.HG
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Local Settings\Application Data\fpughltip\anrpwlgtssd.exe
Registry Keys Created
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  - vwfpgqmj: c:\Documents and Settings\test user\Local Settings\Application Data\fpughltip\anrpwlgtssd.exe
- HKCU\Software\Microsoft\Internet Explorer\Download
  - RunInvalidSignatures: 0x00000001
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
  - SaveZoneInformation: 0x00000001
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - vwfpgqmj: c:\Documents and Settings\test user\Local Settings\Application Data\fpughltip\anrpwlgtssd.exe
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  - LowRiskFileTypes: .exe
- HKCU\Software\Microsoft\Internet Explorer\Download
  - CheckExeSignatures: no
Processes Created
- c:\documents and settings\support\local settings\application data\fpughltip\anrpwlgtssd.exe