Troj/FakeAV-GKW

Category: Viruses and Spyware
Protection available since: 10 Mar 2013 07:30:20 (GMT)
Type: Trojan
Last Updated: 10 Mar 2013 07:30:20 (GMT)
Prevalence: Small Number of Reports

Troj/FakeAV-GKW exhibits the following characteristics:

File Information

Size: 244K
SHA-1: d178c4cd8186ba11fbe804b171635dd04bb13f99
MD5: eaee3c188f65101e81e6cf80227f5edd
CRC-32: 2a67dcaf
File type: Windows executable
First seen: 2013-03-10

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\egg.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\6o4v7yr6ikfw18072u
    Size: 1.1K
    SHA-1: f06cf6a2321709cf7d3994f133da12e19b75f721
    MD5: b119d28020442c0dc07e13f0ba6784ff
    CRC-32: f3042832
    File type: Unspecified binary - probably data
    First seen: 2013-03-10
  • c:\Documents and Settings\test user\Local Settings\Temp\6o4v7yr6ikfw18072u
    Size: 1.1K
    SHA-1: f06cf6a2321709cf7d3994f133da12e19b75f721
    MD5: b119d28020442c0dc07e13f0ba6784ff
    CRC-32: f3042832
    File type: Unspecified binary - probably data
    First seen: 2013-03-10
  • c:\Documents and Settings\test user\Templates\6o4v7yr6ikfw18072u
    Size: 1.1K
    SHA-1: f06cf6a2321709cf7d3994f133da12e19b75f721
    MD5: b119d28020442c0dc07e13f0ba6784ff
    CRC-32: f3042832
    File type: Unspecified binary - probably data
    First seen: 2013-03-10
  • C:\Documents and Settings\All Users\Application Data\6o4v7yr6ikfw18072u
    Size: 1.1K
    SHA-1: f06cf6a2321709cf7d3994f133da12e19b75f721
    MD5: b119d28020442c0dc07e13f0ba6784ff
    CRC-32: f3042832
    File type: Unspecified binary - probably data
    First seen: 2013-03-10
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
    DoNotAllowExceptions: 0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallOverride: 0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions: 0x00000000
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\egg.exe
HTTP Requests
  • http://lp155.com/0100020113
DNS Requests
  • lp155.com