Troj/FakeAV-GKW exhibits the following characteristics:
File Information
- Size: 244K
- SHA-1: d178c4cd8186ba11fbe804b171635dd04bb13f99
- MD5: eaee3c188f65101e81e6cf80227f5edd
- CRC-32: 2a67dcaf
- File type: Windows executable
- First seen: 2013-03-10
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Local Settings\Application Data\egg.exe
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Application Data\6o4v7yr6ikfw18072u
  - Size: 1.1K
  - SHA-1: f06cf6a2321709cf7d3994f133da12e19b75f721
  - MD5: b119d28020442c0dc07e13f0ba6784ff
  - CRC-32: f3042832
  - File type: Unspecified binary - probably data
  - First seen: 2013-03-10
- c:\Documents and Settings\test user\Local Settings\Temp\6o4v7yr6ikfw18072u
  - Size: 1.1K
  - SHA-1: f06cf6a2321709cf7d3994f133da12e19b75f721
  - MD5: b119d28020442c0dc07e13f0ba6784ff
  - CRC-32: f3042832
  - File type: Unspecified binary - probably data
  - First seen: 2013-03-10
- c:\Documents and Settings\test user\Templates\6o4v7yr6ikfw18072u
  - Size: 1.1K
  - SHA-1: f06cf6a2321709cf7d3994f133da12e19b75f721
  - MD5: b119d28020442c0dc07e13f0ba6784ff
  - CRC-32: f3042832
  - File type: Unspecified binary - probably data
  - First seen: 2013-03-10
- C:\Documents and Settings\All Users\Application Data\6o4v7yr6ikfw18072u
  - Size: 1.1K
  - SHA-1: f06cf6a2321709cf7d3994f133da12e19b75f721
  - MD5: b119d28020442c0dc07e13f0ba6784ff
  - CRC-32: f3042832
  - File type: Unspecified binary - probably data
  - First seen: 2013-03-10
Registry Keys Modified
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
  - DoNotAllowExceptions: 0x00000000
- HKLM\SOFTWARE\Microsoft\Security Center
  - FirewallOverride: 0x00000001
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  - DoNotAllowExceptions: 0x00000000
Processes Created
- c:\Documents and Settings\test user\local settings\application data\egg.exe
HTTP Requests
- http://lp155.com/0100020113
DNS Requests