Troj/FakeAV-FMS

Category: Viruses and Spyware
Protection available since: 04 May 2012 05:15:03 (GMT)
Type: Trojan
Last updated: 04 May 2012 05:15:03 (GMT)
Prevalence:


Troj/FakeAV-FMS exhibits the following characteristics:

File Information

Size: 246K
SHA-1: df8d7d43b1e3be1bb405d8a04f200a011226467a
MD5: 15efb16bb89b4eef85f663acc6d8a683
CRC-32: c34987f9
File type: application/x-ms-dos-executable
First seen: 2012-01-27

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\Nda_pBTp3Cza=.exe
Dropped Files
  • c:\Documents and Settings\test user\Desktop\Data_Recovery.lnk
    Size: 832
    SHA-1: af72a3b74f17ca216b3cccc1da737a4144f50a98
    MD5: 247fa15bdca71b614ddfc84489dc6f62
    CRC-32: bd822a4f
    File type: application/octet-stream
    First seen: 2012-05-03
  • c:\Documents and Settings\test user\Start Menu\Programs\Data Recovery\Data Recovery.lnk
    Size: 844
    SHA-1: 999062cd435a9e219ce212117b088df4323a3645
    MD5: 1f9cddb8c09aa37bd4ba71ee358ea702
    CRC-32: 8d78ba1b
    File type: application/octet-stream
    First seen: 2012-05-03
  • C:\Documents and Settings\All Users\Application Data\Nda_pBTp3Cza=
    Size: 256
    SHA-1: e3337da5a28073397e61eb66df98063b391d36a0
    MD5: 97a42db1cac7425925cc23d87b6d91cd
    CRC-32: fa1002c6
    File type: application/octet-stream
    First seen: 2012-05-03
  • C:\Documents and Settings\All Users\Application Data\-Nda_pBTp3Cza=r
    Size: 184
    SHA-1: 067f2ff2bcfb49404be262c501861d33e04fed8e
    MD5: ef09c931aeffb31ed47092c929e3b701
    CRC-32: 63754f1f
    File type: application/octet-stream
    First seen: 2012-05-03
  • c:\Documents and Settings\test user\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
    Size: 850
    SHA-1: d0eafb11ac4d2277dc797d819862604dc472ae26
    MD5: 8daca0aaa11f9f918e8014d6e5f86417
    CRC-32: 727ea028
    File type: application/octet-stream
    First seen: 2012-05-03
  • c:\Documents and Settings\test user\Start Menu\Programs\Data Recovery\Uninstall Data Recovery.lnk
    Size: 916
    SHA-1: 74d36a9b51cc5383836d0a82a5629df0e178446a
    MD5: cd9e53429be8991ff8faad3ca3ffa847
    CRC-32: 89ad4fc9
    File type: application/octet-stream
    First seen: 2012-05-03
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnZoneCrossing = 0x00000000
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Use FormSuggest = Yes
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation = 0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes = .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures = no
  • HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
    State = 0x00023e00
Processes Created
  • c:\docume~1\alluse~1\applic~1\nda_pbtp3cza=.exe
HTTP Requests
  • http://meijeroneca.com/support/s
  • http://nardelfire.com/s.php
  • http://psardcreator.com/support/s
  • http://psardcreator.com/support/sr
DNS Requests
  • meijeroneca.com
  • nardelfire.com
  • psardcreator.com
