Troj/FakeMS-Y

Category: Viruses and Spyware
Protection available since: 11 Apr 2014 21:25:11 (GMT)
Type: Trojan
Last Updated: 11 Apr 2014 21:25:11 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/FakeMS-Y include:

Example 1

File Information

Size
148K
SHA-1
47b059ff700bad095cbe24085233830cae4e2e72
MD5
b7e6df07eba7360c38c966d2ff167f01
CRC-32
f6f18598
File type
Windows executable
First seen
2014-02-10

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6
    Size
    118K
    SHA-1
    652a4cdc6e084d6a130e6a18f5b60251ba712496
    MD5
    7cda0db8f3778cb58b47e461d26ef5a1
    CRC-32
    0d5306d1
    File type
    Encoded certificate
    First seen
    2014-02-10
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\D236B74794790D9923905972356B8BEC
    Size
    124
    SHA-1
    1334607045cc73f701b2229d418696cc6529a144
    MD5
    cb386107eea5cef829f2e8c6b68a1cb3
    CRC-32
    b9de7d72
    File type
    Unspecified binary - probably data
    First seen
    2014-02-11
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
    Size
    533
    SHA-1
    5203a6bd57fbbea66d3bbbdf084d6f4d1f02a652
    MD5
    19d1e72a816f8ca238e1673660b7d962
    CRC-32
    fb667a05
    File type
    Encoded certificate
    First seen
    2013-12-21
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\D236B74794790D9923905972356B8BEC
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Size
    216
    SHA-1
    2eca4baa6805222c714c41d2e51d4bb54104cf52
    MD5
    0fee7bee5a46903620447fa57bfc059f
    CRC-32
    24a8ff2f
    File type
    Unspecified binary - probably data
    First seen
    2014-02-11
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F
    Size
    100
    SHA-1
    85f27853db044318b086f18293f891218650d1ca
    MD5
    845c42342f92ed674b3dbb82076c1f5e
    CRC-32
    207abd20
    File type
    Unspecified binary - probably data
    First seen
    2014-02-11
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6
    Size
    124
    SHA-1
    24e8b25773056436de62fe1b9c24c53eae0562f2
    MD5
    8172afea7fdcceb7a6a2bae593f5ad6a
    CRC-32
    ae95c712
    File type
    Unspecified binary - probably data
    First seen
    2014-02-11
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Size
    53K
    SHA-1
    509a4695add9e9709c2e673529ed53c7d0d0abd8
    MD5
    37c3ac7e8dc94373c9687e748ae3578e
    CRC-32
    624046e4
    File type
    Microsoft CAB archive
    First seen
    2013-10-19
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
    Blob
HTTP Requests
  • http://crl.verisign.com/pca3-g5.crl
  • http://csc3-2010-aia.verisign.com/CSC3-2010.cer
  • http://csc3-2010-crl.verisign.com/CSC3-2010.crl
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • http://www.wintask64.com/toy2.txt
DNS Requests
  • crl.verisign.com
  • csc3-2010-aia.verisign.com
  • csc3-2010-crl.verisign.com
  • docs.google.com
  • www.download.windowsupdate.com
  • www.wintask64.com

Example 2

File Information

Size
144K
SHA-1
e9ecd67d217ddb7c3b58d3f7f25e7c58ec126308
MD5
af8d2d1cfc8cff45bf801795509a0db0
CRC-32
43f1c015
File type
Windows executable
First seen
2014-02-10

Example 3

File Information

Size
137K
SHA-1
8b972301dace82dcec9e22e6ddf8feb4c25116d4
MD5
429e91d7136ec752a1790c6f47278f1d
CRC-32
b1e23509
File type
Windows executable
First seen
2014-01-17

Runtime Analysis

HTTP Requests
  • http://www.wintask64.com/toy2.txt
DNS Requests
  • docs.google.com
  • www.wintask64.com
