Troj/FakeAV-DKF

Category: Viruses and Spyware
Protection available since: 22 Apr 2011 21:25:18 (GMT)
Type: Trojan
Last Updated: 22 Apr 2011 21:25:18 (GMT)
Prevalence: Small Number of Reports

Troj/FakeAV-DKF exhibits the following characteristics:

File Information

Size: 83K
SHA-1: 76c398f0612fba6342dd1cf484eb336cb671ea65
MD5: 99197c159616c88b6538beee6bc0da9d
CRC-32: d1957dc9
File type: application/x-ms-dos-executable
First seen: 2011-04-16

Other vendor detection

Kaspersky
Packed.Win32.Krap.ae

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\system.exe
Dropped Files
  • C:\WINDOWS\system32\dbs.dat
    Size: 1.9K
    SHA-1: 429095a06d4475ea22509a1c1528d5c259a7421d
    MD5: e063bbb5aafc5312e5f39316b61b8939
    CRC-32: 3859c22b
    File type: application/octet-stream
    First seen: 2011-04-22
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Scandisk\data
    id
    bf fe 6e f7 0e cf 0c f3 80 ef 5b 0f 00 e7 c7 17
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\DOCUME~1\support\LOCALS~1\Temp\system.exe
    43 3a 5c 44 4f 43 55 4d 45 7e 31 5c 73 75 70 70 6f 72 74 5c 4c 4f 43 41 4c 53 7e 31 5c 54 65 6d 70 5c 73 79 73 74 65 6d 2e 65 78 65 3a 2a 3a 45 6e 61 62 6c 65 64 3a 73 79 73 74 65 6d 2e 65 78 65 00 00 00
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    Explorer.exe C:\DOCUME~1\support\LOCALS~1\Temp\system.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\system.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://yahoostat.com/dbs/logo.php
DNS Requests
  • yahoostat.com