Troj/FakeAV-CLZ exhibits the following characteristics:

File Information
- Size: 237K
- SHA-1: 7fe4fa35971b225c15f8cb55e9acc31756c85c8e
- MD5: d9deca8094c4d84bb2fc0a141ba6bb44
- CRC-32: 6810c209
- File type: application/x-ms-dos-executable
- First seen: 2011-02-12

Other vendor detection
- Kaspersky: Trojan.Win32.VBKrypt.ccoc
Runtime Analysis

Copies Itself To
- c:\Documents and Settings\test user\Application Data\WinDefender.exe

Dropped Files
- F:/Autorun.ini
  - Size: 28
  - SHA-1: 1d6e848669f04e6aba25e60276e3bebd4a87238e
  - MD5: ce886cb8e7d70a3272703d782f525212
  - CRC-32: 944186af
  - File type: application/octet-stream
  - First seen: 2010-08-16
- c:\Documents and Settings\test user\Application Data\data.dat
  - Size: 32
  - SHA-1: 41a054b7640a76436dd52217419bbed492328d1c
  - MD5: a015209cc96863a85567bd69d72834f2
  - CRC-32: 6342cbb0
  - File type: application/octet-stream
  - First seen: 2011-03-23
Registry Keys Created (key, then value name = data)
- HKLM\SOFTWARE\Microsoft\Security Center
  - UACDisableNotify = 0x00000000
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  - Windows Defender = c:\Documents and Settings\test user\Application Data\WinDefender.exe
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
  - Windows Defender = c:\Documents and Settings\test user\Application Data\WinDefender.exe
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
  - EnableLUA = 0x00000000
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  - DoNotAllowExceptions = 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - Windows Defender = c:\Documents and Settings\test user\Application Data\WinDefender.exe
- HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{DDF6AD7D-ECBD-DBA8-EBEC-F31ED002BEBA}
  - StubPath = c:\Documents and Settings\test user\Application Data\WinDefender.exe
- HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
  - QA2MHJ43HM = March 23, 2011
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - c:\test_item.exe = c:\test_item.exe:*:Enabled:Windows Messanger
Processes Created
- c:\windows\system32\cmd.exe
- c:\windows\system32\reg.exe

DNS Requests