Mal/FakeAV-MD

Category: Viruses and Spyware
Protection available since: 29 May 2011 22:50:25 (GMT)
Type: Malicious behavior
Last Updated: 29 May 2011 22:50:25 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/FakeAV-MD include:

Example 1

File Information

Size: 333K
SHA-1: 00801b5d63151db15e37ef09132354e7fefd5dab
MD5: 75a88c438e214633ce01f9263051dec0
CRC-32: b513e74d
File type: application/x-ms-dos-executable
First seen: 2011-05-29

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\iwHbfc2O.exe

Example 2

File Information

Size: 422K
SHA-1: 737a44904f965941e3d2bcf5a729631ca92c1b73
MD5: f495584a315e6db336b83b3bee7faa67
CRC-32: 332dea78
File type: application/x-ms-dos-executable
First seen: 2011-05-29

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\kjEenXNPEgLSP.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation
    0x00000001
  • HKCU\Software
    75fa38b7-8b94-4995-ad32-52e938867954
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    kjEenXNPEgLSP
    C:\Documents and Settings\All Users\Application Data\kjEenXNPEgLSP.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    DisableTaskMgr
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    /{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
Processes Created
  • c:\documents and settings\all users\application data\kjeenxnpeglsp.exe
HTTP Requests
  • http://clickfer.org/pica1/531-direct
  • http://clickfremont.org/404.php
  • http://searchalice.org/404.php
DNS Requests
  • clickfer.org
  • clickfremont.org
  • searchalice.org

Example 3

File Information

Size: 422K
SHA-1: c20749109f324d0581db6616fc1880b19f8db559
MD5: 1329e77defbe644f0851469294923fbe
CRC-32: 18a5c9a0
File type: application/x-ms-dos-executable
First seen: 2011-05-29

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\kjEenXNPEgLSP.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    kjEenXNPEgLSP
    C:\Documents and Settings\All Users\Application Data\kjEenXNPEgLSP.exe
  • HKCU\Software
    75fa38b7-8b94-4995-ad32-52e938867954
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    DisableTaskMgr
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    /{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
Processes Created
  • c:\documents and settings\all users\application data\kjeenxnpeglsp.exe
HTTP Requests
  • http://clickfer.org/pica1/531-direct
  • http://searchant.org/404.php
  • http://searchbread.org/pica1/531-direct
DNS Requests
  • clickfer.org
  • searchant.org
  • searchbread.org