Troj/MFake-B exhibits the following characteristics:
File Information
- Size: 495K
- SHA-1: d033373576f06ee3dc6a0dded2cabaadd3cc439a
- MD5: 9b027b84b561dd5cc4888ebe7eb4b2bf
- CRC-32: cbb9935a
- File type: Windows executable
- First seen: 2013-01-28
Runtime Analysis
Dropped Files
- C:\Program Files\Common Files\Windows Driver Foundation\WUDFHost.exe
  - Size: 314K
  - SHA-1: 6f5e417ce93cd36fd2cec924c7fa7c2b68ff8835
  - MD5: 4f70e02db37a8f6e50a9c23e2a7989e8
  - CRC-32: 7c40eec3
  - File type: Windows executable
  - First seen: 2013-01-28
- C:\WINDOWS\Tasks\Windows Driver Foundation.job
  - Size: 432
  - SHA-1: 2c0a69211ea3fb2d15c27d0441d3fa638a65112a
  - MD5: fa2e7d08302780ac2833fd23929e17bc
  - CRC-32: 01b44c28
  - File type: Unspecified binary - probably data
  - First seen: 2013-01-28
- C:\Program Files\Java\jre6\bin\bin.conf
  - Size: 91K
  - SHA-1: 2ebf06c125dbc44432d772694c9f89adf6ac9d57
  - MD5: 437e2fc8672260ec952bdf2d7d4f182b
  - CRC-32: d1d8a7a4
  - File type: Windows executable
  - First seen: 2012-02-23
- C:\Program Files\Common Files\MSSoap\MSSoap.conf
- C:\MSCache\2.tmp
  - Size: 32K
  - SHA-1: 924f9194ee6309691a31d80c65296ec53da8ce9c
  - MD5: 3a84e7269d5dcf79cefdb0ab973b1eaf
  - CRC-32: 51a2439e
  - File type: Windows executable
  - First seen: 2013-01-28
Registry Keys Created
- HKCR\CLSID\{C6B853FC-DE73-48FB-8C62-B9CEF962A541}\InprocServer32
  - ThreadingModel: Both
- HKLM\SOFTWARE\Microsoft\WUDFHost
  - Binary_010
- HKCR\CLSID\{8644C245-B3C3-4827-ADFA-A42E9F8BB94D}\InprocServer32
  - ThreadingModel: Both
Processes Created