Trojan.FakeAV

By LoneStar in Trojans

Translate To:

Threat Scorecard

Popularity Rank:	1,758
Threat Level:	90 % (High)
Infected Computers:	13,264

First Seen:	July 24, 2009
Last Seen:	March 18, 2026
OS(es) Affected:	Windows

Trojan.FakeAV is from a family of Trojans that assist in the spread of fake anti-spyware and anti-virus applications. Trojan.FakeAV may download malicious files onto a compromised PC and display frequent pop-ups and fake virus alerts. Trojan.FakeAV may also be associated with botnet activities. You can remove Trojan.FakeAV and its related rogueware with a trustworthy computer security program.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Fortinet	Vundo.DI!tr
McAfee	RDN/Vundo!di
McAfee-GW-Edition	Heuristic.LooksLike.Suspicious.C!85
ClamAV	Trojan.Packed-1520
AntiVir	TR/Kazy.157665.27
McAfee	Artemis!E1C96D405EEC
McAfee	Artemis!5EA5864D4F0E
AVG	Generic5.ATP
BitDefender	Gen:Variant.Graftor.19305
NOD32	probably a variant of Win32/Adware.WintionalityChe
McAfee	FakeAlert-FCG!FF7367A2280C
Ikarus	Gen.Variant.Buzy
McAfee-GW-Edition	Heuristic.BehavesLike.Win32.ModifiedUPX.F
Comodo	TrojWare.Win32.TrojanDownloader.IstBar.~L
McAfee	Artemis!154780705D0D

SpyHunter Detects & Remove Trojan.FakeAV

File System Details

Trojan.FakeAV may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	file.exe	78792f32a285ad13477e8b7bc0a7f0a9	31
Name: file.exe MD5: 78792f32a285ad13477e8b7bc0a7f0a9 Size: 104.84 KB (104847 bytes) Detections: 31 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: March 1, 2013
2.	IkEJJmteVRTh.exe	ef68b476e237e645e39a476b4223acf2	26
Name: IkEJJmteVRTh.exe MD5: ef68b476e237e645e39a476b4223acf2 Size: 448.51 KB (448512 bytes) Detections: 26 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: January 21, 2013
3.	yBlqxAdBNPjQ.exe	5cd375d6d0e3c2195064ca2f238fff87	16
Name: yBlqxAdBNPjQ.exe MD5: 5cd375d6d0e3c2195064ca2f238fff87 Size: 447.26 KB (447266 bytes) Detections: 16 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: January 10, 2012
4.	hintJPHiMDKXoFo.exe	694430ce427e02698d2a171e051505d1	13
Name: hintJPHiMDKXoFo.exe MD5: 694430ce427e02698d2a171e051505d1 Size: 441.48 KB (441480 bytes) Detections: 13 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: December 15, 2011
5.	mgqwpisksnjc.exe	b06b8a9e80dd4652513f2c8c0eed0bc9	12
Name: mgqwpisksnjc.exe MD5: b06b8a9e80dd4652513f2c8c0eed0bc9 Size: 302.08 KB (302080 bytes) Detections: 12 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: March 12, 2013
6.	privacy.exe	9b2ca9cb27ab3fc1d65df79b7ab6bfb2	11
Name: privacy.exe MD5: 9b2ca9cb27ab3fc1d65df79b7ab6bfb2 Size: 819.2 KB (819200 bytes) Detections: 11 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: December 12, 2011
7.	6DSS92c31Apgjk.exe	009b6781d93b2418b4715a20da4d35b7	10
Name: 6DSS92c31Apgjk.exe MD5: 009b6781d93b2418b4715a20da4d35b7 Size: 348.16 KB (348160 bytes) Detections: 10 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: October 6, 2011
8.	uRshEirOfhWeeq.exe	9131ca399f9eb9c486b5874fbf4c40d4	8
Name: uRshEirOfhWeeq.exe MD5: 9131ca399f9eb9c486b5874fbf4c40d4 Size: 444.55 KB (444552 bytes) Detections: 8 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: December 27, 2011
9.	bmilntyeqvwt.exe	d1e92a75cc9bb2b05632b6682e916f94	5
Name: bmilntyeqvwt.exe MD5: d1e92a75cc9bb2b05632b6682e916f94 Size: 303.61 KB (303616 bytes) Detections: 5 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: March 12, 2013
10.	funmoods.exe	a049802122120fc9e73235abe46f6dfa	4
Name: funmoods.exe MD5: a049802122120fc9e73235abe46f6dfa Size: 123.9 KB (123904 bytes) Detections: 4 Type: Executable File Path: %LOCALAPPDATA%\funmoods Group: Malware file Last Updated: December 20, 2012
11.	IwoieKBvQMts0Y.exe	2991ddb9efed491938cc5ed00727ffb2	3
Name: IwoieKBvQMts0Y.exe MD5: 2991ddb9efed491938cc5ed00727ffb2 Size: 346.36 KB (346368 bytes) Detections: 3 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: January 10, 2012
12.	PvrtVtYGxyGUr.exe	346ce6d5a19dd0ab25fdef24ae06b854	2
Name: PvrtVtYGxyGUr.exe MD5: 346ce6d5a19dd0ab25fdef24ae06b854 Size: 459.77 KB (459776 bytes) Detections: 2 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: January 10, 2012
13.	ldb.exe	64e3764601487e367e1e3fadb2ceb571	2
Name: ldb.exe MD5: 64e3764601487e367e1e3fadb2ceb571 Size: 329.72 KB (329728 bytes) Detections: 2 Type: Executable File Path: %USERPROFILE%\Local Settings\Application Data Group: Malware file Last Updated: December 22, 2011
14.	oeCQY7EiohPXoI.exe	687fa80541ae0ba780222479913d0186	2
Name: oeCQY7EiohPXoI.exe MD5: 687fa80541ae0ba780222479913d0186 Size: 370.68 KB (370688 bytes) Detections: 2 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: January 19, 2012
15.	smss.exe	4d47c101947dba51cbe1bdfa8a8ddc31	2
Name: smss.exe MD5: 4d47c101947dba51cbe1bdfa8a8ddc31 Size: 948.5 KB (948504 bytes) Detections: 2 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: March 12, 2013
16.	lfpcvJMzp89Jf4.exe	0d9d22b5a3d9ddef7cfb1df83c994dfb	1
Name: lfpcvJMzp89Jf4.exe MD5: 0d9d22b5a3d9ddef7cfb1df83c994dfb Size: 370.68 KB (370688 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: December 12, 2011
17.	Dpr5RGA9j357xZ.exe	2ba45ec4d6294a5fecb2476adebf138c	1
Name: Dpr5RGA9j357xZ.exe MD5: 2ba45ec4d6294a5fecb2476adebf138c Size: 355.97 KB (355976 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: December 12, 2011
18.	rilfzsggoj.exe	b5109d99e88dbe3f45de0b2ac86bffd8	1
Name: rilfzsggoj.exe MD5: b5109d99e88dbe3f45de0b2ac86bffd8 Size: 384.51 KB (384512 bytes) Detections: 1 Type: Executable File Path: %USERPROFILE%\Local Settings\Application Data Group: Malware file Last Updated: December 15, 2011
19.	efs.exe	06e72e6a3c824e4b4be31796031e6320	1
Name: efs.exe MD5: 06e72e6a3c824e4b4be31796031e6320 Size: 336.89 KB (336896 bytes) Detections: 1 Type: Executable File Path: %USERPROFILE%\Local Settings\Application Data Group: Malware file Last Updated: December 22, 2011
20.	jga.exe	f5bb253c89d2ddbf0a6e3f9808a2c500	1
Name: jga.exe MD5: f5bb253c89d2ddbf0a6e3f9808a2c500 Size: 363 KB (363008 bytes) Detections: 1 Type: Executable File Path: %USERPROFILE%\Local Settings\Application Data Group: Malware file Last Updated: January 23, 2012
21.	NYdZ9m9M5y92F6.exe	14f999b381b53799f9de6cbb1e2e0f5c	1
Name: NYdZ9m9M5y92F6.exe MD5: 14f999b381b53799f9de6cbb1e2e0f5c Size: 362.36 KB (362366 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: January 24, 2012
22.	7e78b158-8050.exe	579c6c85984266cd18138143c3ae9761	1
Name: 7e78b158-8050.exe MD5: 579c6c85984266cd18138143c3ae9761 Size: 45.05 KB (45056 bytes) Detections: 1 Type: Executable File Path: %USERPROFILE% Group: Malware file Last Updated: February 20, 2012
23.	Protector-hjkk.exe	ff7367a2280c099701d447fd2457a90e	1
Name: Protector-hjkk.exe MD5: ff7367a2280c099701d447fd2457a90e Size: 1.95 MB (1956352 bytes) Detections: 1 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: April 22, 2013
24.	b7116kyb2r6tse.exe	524ad9450b4cfdea69e67a620c17bf0b	1
Name: b7116kyb2r6tse.exe MD5: 524ad9450b4cfdea69e67a620c17bf0b Size: 251.39 KB (251392 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: August 21, 2012
25.	rYu6h34w.exe	9b08e69b22ac5b6a897c667f733b44ff	1
Name: rYu6h34w.exe MD5: 9b08e69b22ac5b6a897c667f733b44ff Size: 87.55 KB (87552 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: October 5, 2012
26.	svrwsc.exe	4f709998ed475cd6063c4b81d850e539	0
Name: svrwsc.exe MD5: 4f709998ed475cd6063c4b81d850e539 Size: 6.02 MB (6027264 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 20, 2017

More files

Analysis Report

General information

Family Name:	Trojan.FakeAV
Signature status:	No Signature

Known Samples

MD5: 7c0658ea1c9a145c0cdeac839c055082

SHA1: d7a9c495a0fafcc8f7ecea86073b4f9a0b6c1426

SHA256: 5F4C6975C317F9BA2D28758EB42B5184901532DB3F6AEC67757D504AB92D5F36

File Size: 2.00 MB, 1997000 bytes

MD5: 60800ebb698ae08a03dfb4c3133386b7

SHA1: 5d682ff8a8e0896123ab70c9a4a5ea51ceecebc5

SHA256: C0039DE5D47E716BCB51D7008F029DAE3FD70EED5705CCE7EDD3BE2E90843335

File Size: 49.15 KB, 49152 bytes

MD5: 2daf53377ba46a88591231276f82a507

SHA1: 849962cf0c943dfeac61b8749b72227b61bd4066

SHA256: DA64A139DFF834BCE44E1BBAD39CFFFC4D8157919643F04A9830D5DF03FDA51B

File Size: 322.56 KB, 322560 bytes

MD5: 6d789733dc48956912bdc304e7378b58

SHA1: 86c626ccb0c73e9840d4dadfb3ab49e10ae0beb6

SHA256: C4A467C96B245886A320FDF9DF41A19B6703E2BEE80FFF909DBEC1A4C7B671AF

File Size: 843.92 KB, 843925 bytes

MD5: b164ec65d852883580cf16625c9b34f2

SHA1: 63b8b1b3767b594947260221243dadfd57d39040

SHA256: D1677B1D489D033250D014DC2CBA6C10A190F92880BB2944A0FB7A29AB9C0842

File Size: 63.30 KB, 63295 bytes

MD5: a1c17293975037d8dcc634b520cbb480

SHA1: 058f57917a4444686e974ef190c9d7fcf6a20ba7

SHA256: F385465B6D9132B29CDDD151F9E1DC7D4E1C9D1D6BA71E7603FC82FC0D162E0E

File Size: 2.13 MB, 2125824 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	About module for Hackman
Company Name	SIMPLE SA TechnoLogismiki
File Description	Hackman about module SKonsola DLL
File Version	5.00 1, 18, 0, 0
Internal Name	About SKonsola
Legal Copyright	Copyright (C) 2011 © 1996-2001 TechnoLogismiki
Legal Trademarks	Hackman, TechnoLogismiki
Original Filename	About.exe SKonsola.DLL
Product Name	Hackman About Module SKonsola Dynamic Link Library
Product Version	5.00 1, 19, 0, 0

Digital Signatures

Signer	Root	Status
Zenith Technology Limited	VeriSign Class 3 Code Signing 2009-2 CA	Self Signed

File Traits

dll
HighEntropy
Installer Manifest
nosig nsis
No Version Info
Nullsoft Installer
RAR (In Overlay)
RARinO
vb6
WinRAR SFX

WRARSFX
x86

Block Information

Total Blocks:	473
Potentially Malicious Blocks:	0
Whitelisted Blocks:	279
Unknown Blocks:	194

Visual Map

0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 ? ? ? 0 0 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 ? 0 0 0 ? ? 0 ? 0 ? 0 0 ? 0 0 0 0 ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 ? 0 ? 0 ? ? ? ? ? 0 ? 0 ? ? 0 ? 0 ? ? ? ? ? ? 0 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? 0 2 0 0 0 0 ? ? 0 ? ? ? 0 ? ? 0 0 0 0 0 0 0 ? 0 ? ? ? 0 ? 0 ? ? 0 ? 0 ? ? ? ? ? ? ? ? 0 ? 0 ? 0 ? 0 ? 0 ? ? 0 ? 0 0 ? ? 0 ? ? ? ? ? 0 0 ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? 1 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 ? ? 0 ? ? 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 3 1 2 1 1 1 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.XAE
HEUR.MSIL.Generic_274333
Malex.N
Trojan.Agent.Gen.AAU
Trojan.Downloader.Gen.HE

Wana Decrypt0r.A
ZBot.TG

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\kokteyl	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\kokteyl\core	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\kokteyl\core\__tmp_rar_sfx_access_check_2927031	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\kokteyl\core\uacdisabled.reg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\kokteyl\core\uacdisabled.reg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsa4ab0.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsb4b00.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb4b00.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsb4b00.tmp\iospecial.ini	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\nsb4b00.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda91d.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsda91e.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsda91e.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda91e.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~df0e035d521a82c596.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\vhznnaxin.exe	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\free pdf tablet::first_run	1	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	믌羄烯ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::promptonsecuredesktop		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioradmin		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioruser		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system\uipi::	0x00000001(1)	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies::filteradministratortoken		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e41\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P	RegNtPreCreateKey

Windows API Usage

Category	API
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetComputerName GetUserObjectInformation
Process Shell Execute	CreateProcess ShellExecuteEx WriteConsole
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant Show More ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile UNKNOWN
Network Winsock2	WSAStartup
Network Winsock	freeaddrinfo getaddrinfo
Network Icmp	IcmpCreateFile IcmpSendEcho2Ex
Process Terminate	TerminateProcess
Keyboard Access	GetAsyncKeyState GetKeyState
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory

Shell Command Execution


							open cmd.exe /c taskkill /f /pid 7552 & ping -n 3 127.1 & del /f /q "c:\users\user\downloads\849962cf0c943dfeac61b8749b72227b61bd4066_0000322560" & start C:\Users\Pilebkth\AppData\Local\VHZNNA~1.EXE -f


							C:\WINDOWS\system32\taskkill.exe taskkill  /f /pid 7552


							WriteConsole: ERROR: The proce


							C:\WINDOWS\system32\PING.EXE ping  -n 3 127.1


							C:\Users\Pilebkth\AppData\Local\vhznnaxin.exe C:\Users\Pilebkth\AppData\Local\VHZNNA~1.EXE  -f


									(NULL) regedit /s C:\Users\Jkjoelgo\AppData\Local\Temp\Kokteyl\Core\UACDisabled.reg


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\058f57917a4444686e974ef190c9d7fcf6a20ba7_0002125824.,LiQMAxHB

Trojan.FakeAV

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Trojan.FakeAV

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed