Troj/FakeAV-DVN

Category: Viruses and Spyware
Type: Trojan
Protection available since: 28 May 2011 15:54:45 (GMT)
Last Updated: 28 May 2011 15:54:45 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/FakeAV-DVN include:

Example 1

File Information

Size
212K
SHA-1
157d0093627eb11fa9b262aa5afa9263f62f7074
MD5
0a48e720902d4c68eb9dc69d4f2a71b2
CRC-32
08b30a14
File type
application/x-ms-dos-executable
First seen
2011-05-27

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2143E8.tmp
Dropped Files
  • C:\WINDOWS\system32\beep.sys
  • C:\WINDOWS\system32\drivers\2533E8.tmp
    Size
    114K
    SHA-1
    2fa4903d39812917eb481ad31e61893556afb0f9
    MD5
    b86ebcfc7fcce2006867e4288bef2edb
    CRC-32
    4846adad
    File type
    application/x-ms-dos-executable
    First seen
    2011-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\1453E8.tmp
    Size
    64K
    SHA-1
    980c7890969bfe19e4d3d95716309a1f5223edcb
    MD5
    f99842b1bb773df15691a36eba6a576a
    CRC-32
    631e5787
    File type
    application/x-ms-dos-executable
    First seen
    2011-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\ldraeee.tmp
    Size
    64K
    SHA-1
    980c7890969bfe19e4d3d95716309a1f5223edcb
    MD5
    f99842b1bb773df15691a36eba6a576a
    CRC-32
    631e5787
    File type
    application/x-ms-dos-executable
    First seen
    2011-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\ldraf1d.tmp
    Size
    335K
    SHA-1
    a7e58dc8dcedade6943b0f00476909439f0e6060
    MD5
    b6f7b44461816afcf9199f4844301647
    CRC-32
    76426da4
    File type
    application/x-ms-dos-executable
    First seen
    2011-03-24
  • C:\WINDOWS\system32\drivers\7893.sys
    Size
    114K
    SHA-1
    2fa4903d39812917eb481ad31e61893556afb0f9
    MD5
    b86ebcfc7fcce2006867e4288bef2edb
    CRC-32
    4846adad
    File type
    application/x-ms-dos-executable
    First seen
    2011-05-27
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\Spooler
    Start
    0x00000002
Processes Created
  • c:\windows\system32\spoolsv.exe

Example 2

File Information

Size
454K
SHA-1
d234e1ec5bcdcf8e0fe9031a6df349372fc8b8e7
MD5
ec0dd9e40cc39069d8e5fd08b05657e3
CRC-32
3a5277c2
File type
application/x-ms-dos-executable
First seen
2011-05-28

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\iTbaMgqSlSQqG.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\Adobe_Flash_Player.exe
    Size
    212K
    SHA-1
    157d0093627eb11fa9b262aa5afa9263f62f7074
    MD5
    0a48e720902d4c68eb9dc69d4f2a71b2
    CRC-32
    08b30a14
    File type
    application/x-ms-dos-executable
    First seen
    2011-05-27
Registry Keys Created
  • HKCU\Software
    75fa38b7-8b94-4995-ad32-52e938867954
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    DisableTaskMgr
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    iTbaMgqSlSQqG
    C:\Documents and Settings\All Users\Application Data\iTbaMgqSlSQqG.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    /{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
Processes Created
  • c:\documents and settings\all users\application data\itbamgqslsqqg.exe
HTTP Requests
  • http://babaroz.co.cc/findar/vunkar/Out_!.exe
  • http://clickbatonrouge.org/404.php
  • http://searchalice.org/404.php
  • http://searchbread.org/pica1/461-direct
DNS Requests
  • babaroz.co.cc
  • clickbatonrouge.org
  • searchalice.org
  • searchbread.org