Troj/FakeAV-GTM

Category: Viruses and Spyware
Protection available since: 17 Jul 2013 19:15:52 (GMT)
Type: Trojan
Last Updated: 17 Jul 2013 19:15:52 (GMT)
Prevalence: Small Number of Reports

Troj/FakeAV-GTM exhibits the following characteristics:

File Information

Size: 627K
SHA-1: 752d3171b3cd2c053507cf7629d00e6e694e543e
MD5: a8bf0735883ca6c100085e6776dd557b
CRC-32: 88c3ed27
File type: Windows executable
First seen: 2013-07-17

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Templates\StructuredQuery.exe
Dropped Files
  • c:\Documents and Settings\test user\Templates\VaultCmd.exe
    Size: 11K
    SHA-1: d25864995832073ee7c4e2d5064e5d5aaef3e46e
    MD5: 27abc37118b9e2c687c175d9f141d202
    CRC-32: fa278ae7
    File type: Windows executable
    First seen: 2013-07-16
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    RunOnce
    c:\Documents and Settings\test user\Templates\VaultCmd.exe
  • HKCU\Software\DC3_FEXEC
    17/07/2013 at 14:30:32
    {8683e91a-044e-11df-871e-806d6172696f-1612674719}
Processes Created
  • c:\Documents and Settings\test user\templates\structuredquery.exe
  • c:\Documents and Settings\test user\templates\vaultcmd.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\applaunch.exe
DNS Requests
  • chuks052.no-ip.org
