Troj/FakeAV-GNJ

Category: Viruses and Spyware
Type: Trojan
Protection available since: 24 Apr 2013 16:18:02 (GMT)
Last updated: 24 Apr 2013 16:18:02 (GMT)
Prevalence:

Troj/FakeAV-GNJ exhibits the following characteristics:

File Information

Size
236K
SHA-1
70ed2d76602ba893dd3f535bd40bfcf96356bbcf
MD5
8229d1c1fa11170e74fd2e7bfcc98233
CRC-32
76f67d43
File type
Windows executable
First seen
2013-04-24

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\hmj.exe
Dropped Files
  • c:\Documents and Settings\test user\Templates\6o4v7yr6ikfw18072u
    Size
    1.2K
    SHA-1
    8b14810cdc2c776f795621cd13c01fa49ee64d4b
    MD5
    650101a4747737ab32abfb38a1385e0e
    CRC-32
    d7f945df
    File type
    Unspecified binary - probably data
    First seen
    2013-04-24
  • c:\Documents and Settings\test user\Local Settings\Temp\6o4v7yr6ikfw18072u
    Size
    1.2K
    SHA-1
    8b14810cdc2c776f795621cd13c01fa49ee64d4b
    MD5
    650101a4747737ab32abfb38a1385e0e
    CRC-32
    d7f945df
    File type
    Unspecified binary - probably data
    First seen
    2013-04-24
  • c:\Documents and Settings\test user\Local Settings\Application Data\6o4v7yr6ikfw18072u
    Size
    1.2K
    SHA-1
    8b14810cdc2c776f795621cd13c01fa49ee64d4b
    MD5
    650101a4747737ab32abfb38a1385e0e
    CRC-32
    d7f945df
    File type
    Unspecified binary - probably data
    First seen
    2013-04-24
  • C:\Documents and Settings\All Users\Application Data\6o4v7yr6ikfw18072u
    Size
    1.2K
    SHA-1
    8b14810cdc2c776f795621cd13c01fa49ee64d4b
    MD5
    650101a4747737ab32abfb38a1385e0e
    CRC-32
    d7f945df
    File type
    Unspecified binary - probably data
    First seen
    2013-04-24
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallOverride
    0x00000001
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\hmj.exe
HTTP Requests
  • http://soda21.com/0103014913
DNS Requests
  • soda21.com
