HPsus/FakeAV-E

Category: Suspicious files and behavior
Type: Suspicious behavior


Examples of HPsus/FakeAV-E include:

Example 1

File Information

Size
923K
SHA-1
5838a5ea6e937d1c6a694f4722f80f0cda3896c9
MD5
997946047ea7f8a056c9574c90d2a09f
CRC-32
4753c941
File type
application/x-ms-dos-executable
First seen
2011-04-08

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\dvnhost.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\yemekten_sonra.exe
    Size
    803K
    SHA-1
    b57f88dffbda687e9e4af2982876fef9e79c6b3f
    MD5
    cf6d87b46f5d387caf351f08fa3e86f0
    CRC-32
    2ca2cd2a
    File type
    application/x-ms-dos-executable
    First seen
    2011-03-10
Modified Files
  • %SYSTEM%\d3d9caps.dat
Registry Keys Created
  • HKCU\Software\Uploader
    Ident
    User257859
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    dvnhost
    c:\Documents and Settings\test user\Local Settings\Application Data\dvnhost.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    dvnhost
    c:\Documents and Settings\test user\Local Settings\Application Data\dvnhost.exe
  • HKCU\Software\Microsoft\Direct3D\MostRecentApplication
    Name
    yemekten_sonra.exe
Processes Created
  • c:\documents and settings\support\local settings\application data\yemekten_sonra.exe
DNS Requests
  • bakkiye4.zapto.org

Example 2

File Information

Size
898K
SHA-1
be71b9173184fa0493852970560010fe66db3f65
MD5
9a6a8fbc30768caac8b9227fbc048019
CRC-32
790aca40
File type
application/x-ms-dos-executable
First seen
2011-03-10

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\vtnhost.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\yemekten_sonra.exe
    Size
    803K
    SHA-1
    b57f88dffbda687e9e4af2982876fef9e79c6b3f
    MD5
    cf6d87b46f5d387caf351f08fa3e86f0
    CRC-32
    2ca2cd2a
    File type
    application/x-ms-dos-executable
    First seen
    2011-03-10
Modified Files
  • %SYSTEM%\d3d9caps.dat
Registry Keys Created
  • HKCU\Software\Uploader
    Ident
    User255500
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    vtnhost
    c:\Documents and Settings\test user\Local Settings\Application Data\vtnhost.exe
  • HKCU\Software\Microsoft\Direct3D\MostRecentApplication
    Name
    yemekten_sonra.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    vtnhost
    c:\Documents and Settings\test user\Local Settings\Application Data\vtnhost.exe
Processes Created
  • c:\documents and settings\support\local settings\application data\yemekten_sonra.exe
DNS Requests
  • bakkiye4.zapto.org
