Troj/FakeAV-GSR

Category: Viruses and Spyware
Type: Trojan
Protection available since: 22 Jun 2013 15:28:50 (GMT)
Last updated: 22 Jun 2013 15:28:50 (GMT)
Prevalence: Small Number of Reports


Troj/FakeAV-GSR exhibits the following characteristics:

File Information

Size: 843K
SHA-1: bca408ac16865b8fe7a710953c1649c16260c09d
MD5: 8d1ba30e1935cc23a5d2a73e026e066c
CRC-32: 65c5767d
File type: Windows executable
First seen: 2013-06-20

Other vendor detection

Avira: TR/Crypt.XPACK.Gen3

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\3.tmp
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
    Size: 843K
    SHA-1: 5407e5fd004cf8416b60f025e4c158aa80b9024d
    MD5: 421d98565c08e29a697e9ab0c875d418
    CRC-32: 8ece9c74
    File type: Windows executable
    First seen: 2013-06-22
  • C:\Documents and Settings\All Users\Application Data\tdefender.exe
    Size: 828K
    SHA-1: 82240b1125eca94cb971c0e93ecac30c66281ed0
    MD5: 5cfeacbbeb5cbade355a02d878b23200
    CRC-32: fc734971
    File type: Windows executable
    First seen: 2013-06-20
  • C:\Documents and Settings\All Users\Desktop\Internet Security Pro.lnk
    Size: 802 bytes
    SHA-1: 252dbb90152709bc979228a4e4106b73b2ea8f1b
    MD5: ad9d5b7e762bd008b25a0838874106e5
    CRC-32: 7ecb56ff
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-06-22
Modified Files
  • C:\Documents and Settings\LocalService\Local Settings\History
    • Set the hidden and system flags
  • C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
    • Set the hidden and system flags
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers
    DefaultSpoolDirectory
    C:\WINDOWS\System32\spool\PRINTERS
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary value; not rendered on the page)
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary value; not rendered on the page)
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\LocalService\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\LocalService\Local Settings\History
Processes Created
  • c:\documents and settings\all users\application data\tdefender.exe
  • c:\windows\system32\spoolsv.exe
HTTP Requests
  • http://cinnamyn.com/images/s.php
  • http://twinkcam.net/images/s.php
DNS Requests
  • cinnamyn.com
  • twinkcam.net
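The file hashes, drop paths, domains and URLs above can be turned into an offline indicator check. The script below is an added example and is not Sophos code: the SHA-1s, paths, domains and the /images/s.php URL path are copied from the page; the host inventory, DNS log and proxy log it scans are constructed sample data in an assumed line format, and the match_* function names are the example's own. It deliberately treats only the sample, its dropped copies, the shortcut and the two domains as indicators: spoolsv.exe and the Internet Settings cache paths listed under Runtime Analysis also exist on clean systems. Note that the 2.tmp copy has the same size as the submitted sample but a different SHA-1, so the check matches on every listed hash rather than just the first one.

```python
"""Offline indicator matcher for the Troj/FakeAV-GSR artefacts listed above.

Added example, not Sophos code. SHA-1s, paths, domains and URL path come from
the page; the inventory and log samples below are constructed, and their line
formats are an assumption of this example.
"""
import hashlib
from dataclasses import dataclass
from urllib.parse import urlparse

# Strong indicators from the page: the sample, its dropped copies and the
# Desktop shortcut. 2.tmp has the sample's size but a different SHA-1, so
# every listed hash is matched, not only the submitted one.
KNOWN_SHA1 = {
    "bca408ac16865b8fe7a710953c1649c16260c09d": "Troj/FakeAV-GSR sample",
    "5407e5fd004cf8416b60f025e4c158aa80b9024d": "dropped 2.tmp",
    "82240b1125eca94cb971c0e93ecac30c66281ed0": "dropped tdefender.exe",
    "252dbb90152709bc979228a4e4106b73b2ea8f1b": "Internet Security Pro.lnk",
}
# Drop locations compared case-insensitively as suffixes, so the profile root
# (XP "Documents and Settings" vs. a newer layout) does not matter.
KNOWN_PATH_SUFFIXES = (
    "\\application data\\tdefender.exe",
    "\\desktop\\internet security pro.lnk",
)
KNOWN_DOMAINS = {"cinnamyn.com", "twinkcam.net"}
KNOWN_URL_PATH = "/images/s.php"
# spoolsv.exe and the Internet Settings cache paths also exist on clean
# systems, so they are intentionally not used as indicators.


@dataclass(frozen=True)
class Hit:
    source: str      # "file", "dns" or "http"
    indicator: str   # which page indicator matched
    evidence: str    # the inventory entry or log line that matched


def sha1_hex(data: bytes) -> str:
    """SHA-1 of file content, for building an inventory from real files."""
    return hashlib.sha1(data).hexdigest()


def match_files(inventory):
    """inventory: iterable of (path, sha1_hex). Hash match first, then path."""
    hits = []
    for path, sha1 in inventory:
        digest = sha1.lower()
        if digest in KNOWN_SHA1:
            hits.append(Hit("file", KNOWN_SHA1[digest], path))
        elif path.lower().endswith(KNOWN_PATH_SUFFIXES):
            # Known drop location with an unlisted hash: a repacked/updated build.
            hits.append(Hit("file", "drop path (hash not listed)", path))
    return hits


def match_dns(lines):
    """Assumed log format: '<timestamp> <client> query <name>'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "query":
            name = fields[3].rstrip(".").lower()
            if name in KNOWN_DOMAINS or any(name.endswith("." + d) for d in KNOWN_DOMAINS):
                hits.append(Hit("dns", name, line))
    return hits


def match_proxy(lines):
    """Assumed log format: '<timestamp> <client> <method> <url> <status>'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        url = urlparse(fields[3])
        host = (url.hostname or "").lower()
        if host in KNOWN_DOMAINS and url.path == KNOWN_URL_PATH:
            hits.append(Hit("http", f"{host}{url.path}", line))
    return hits


def scan(inventory, dns_lines, proxy_lines):
    """Run all three matchers and return the combined list of hits."""
    return match_files(inventory) + match_dns(dns_lines) + match_proxy(proxy_lines)


# Constructed sample data (not from the page's analysis run).
SAMPLE_INVENTORY = [
    (r"C:\Documents and Settings\All Users\Application Data\tdefender.exe",
     "82240b1125eca94cb971c0e93ecac30c66281ed0"),
    # Shortcut rebuilt by a later variant: the path matches, the hash does not.
    (r"C:\Users\Public\Desktop\Internet Security Pro.lnk",
     "0000000000000000000000000000000000000000"),
    # Legitimate print spooler: listed under Processes Created, not an indicator.
    (r"C:\WINDOWS\system32\spoolsv.exe",
     "1111111111111111111111111111111111111111"),
]
SAMPLE_DNS = [
    "2013-06-22T15:01:02Z 10.0.0.5 query cinnamyn.com.",
    "2013-06-22T15:01:03Z 10.0.0.5 query www.example.com.",
    "2013-06-22T15:01:09Z 10.0.0.5 query twinkcam.net.",
]
SAMPLE_PROXY = [
    "2013-06-22T15:01:02Z 10.0.0.5 GET http://cinnamyn.com/images/s.php 200",
    "2013-06-22T15:01:04Z 10.0.0.5 GET http://www.example.com/ 200",
    "2013-06-22T15:01:10Z 10.0.0.5 POST http://twinkcam.net/images/s.php 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_INVENTORY, SAMPLE_DNS, SAMPLE_PROXY):
        print(f"[{hit.source}] {hit.indicator}: {hit.evidence}")
```

On the constructed data the script reports two file hits (tdefender.exe by hash, the shortcut by drop path only), two DNS hits and two HTTP hits; spoolsv.exe and the example.com traffic are ignored. To use it against a real host, build the inventory by hashing files with sha1_hex and feed DNS and proxy records in the assumed formats, adjusting the field positions in match_dns and match_proxy to the log source actually in use.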
