HPsus/FakAV-OZ

Category: Suspicious files and behaviours
Protection available since: 02 Jul 2012 21:24:56 (GMT)
Type: Suspicious file
Last updated: 02 Jul 2012 21:24:56 (GMT)


Examples of HPsus/FakAV-OZ include:

Example 1

File Information
  • Size: 340K
  • SHA-1: 5aeaa9746707599d8fd312fbc37128e1ead82ec8
  • MD5: a9e67a2cc27c2cf71ef72f8bdf0a0d7c
  • CRC-32: c3e84258
  • File type: application/x-ms-dos-executable
  • First seen: 2012-06-27

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\YcJCC5BmAHL5DC.exe.tmp

Example 2

File Information
  • Size: 250K
  • SHA-1: 60abc5a5c1114bf4741eceeb24024be5544b274d
  • MD5: 0a7f981ac768d06583e17e35a3f49e6e
  • CRC-32: 8fd20f6f
  • File type: application/x-ms-dos-executable
  • First seen: 2012-06-27

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\yMO,jkm5=oRf^54s.exe
Dropped Files
  • c:\Documents and Settings\test user\Start Menu\Programs\Data Recovery\Data Recovery.lnk
    Size: 859
    SHA-1: b6204a205c8e7680a092305ec7e0ff0145761a1c
    MD5: c77d5dc214b9ea815e33d3c6647eb5ee
    CRC-32: da3bdf4b
    File type: Windows Shortcut file (.LNK)
    First seen: 2012-06-28
  • c:\Documents and Settings\test user\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
    Size: 865
    SHA-1: 325f0489edb0d75dfadc0b4677a9244184681766
    MD5: c1c4295c907c66e95081f659250eea21
    CRC-32: 88a1902b
    File type: Windows Shortcut file (.LNK)
    First seen: 2012-06-28
  • c:\Documents and Settings\test user\Start Menu\Programs\Data Recovery\Uninstall Data Recovery.lnk
    Size: 931
    SHA-1: 4607416cd66f6bc5c7027f70a50f5c8812f4ed1f
    MD5: 103a47e59ef7f07ff6a95054ec396f64
    CRC-32: 921b01c6
    File type: Windows Shortcut file (.LNK)
    First seen: 2012-06-28
  • C:\Documents and Settings\All Users\Application Data\yMO,jkm5=oRf^54s
    Size: 256
    SHA-1: fcf9b546afe2a3304fe7554380f91c5236fcf8f3
    MD5: f851529cb4329e85b40e2bb4c695cba3
    CRC-32: 24e948e5
    File type: Unspecified binary - probably data
    First seen: 2012-06-28
  • c:\Documents and Settings\test user\Desktop\Data_Recovery.lnk
    Size: 847
    SHA-1: fa8c6b43bef2cc1447f1110f59ad4cb8975a7050
    MD5: 92e98a7eed0770566d29cfdcc1e1439c
    CRC-32: d8aac3f7
    File type: Windows Shortcut file (.LNK)
    First seen: 2012-06-28
  • C:\Documents and Settings\All Users\Application Data\-yMO,jkm5=oRf^54sr
    Size: 136
    SHA-1: 8f8baec008b5a3bbeb0bcd9489ef909cc97def40
    MD5: 77714cdd815539cae862bb2c26a9827d
    CRC-32: 6c8c222b
    File type: Unspecified binary - probably data
    First seen: 2012-06-27
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Use FormSuggest = Yes
  • HKLM\SOFTWARE\Microsoft\ESENT\Process\yMO,jkm5=oRf^54s\DEBUG
    Trace Level
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation = 0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    CertificateRevocation = 0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
    State = 0x00023e00
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures = no
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes = .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;
Processes Created
  • c:\docume~1\alluse~1\applic~1\ymo,jkm5=orf^54s.exe
HTTP Requests
  • http://cathedralro.com/support/s
  • http://latinbuinesc.com/support/s
  • http://latinbuinesc.com/support/sr
  • http://lightclubin.com/s.php
DNS Requests
  • cathedralro.com
  • latinbuinesc.com
  • lightclubin.com
