| Visit ThreatExpert web site | | | Close Report |
[Symantec] [Kaspersky Lab] [Sophos] [Microsoft] [Ikarus] [AhnLab]| What's been found | Severity Level |
| Hosts file modification that may block access to the security web sites. |  |
| Produces outbound traffic. |  |
| Downloads/requests other files from Internet. | |
| Contains characteristics of an identified security risk. |  |
NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.
 | Possible Security Risk |
| Security Risk | Description |
| RogueAntiSpyware.WindowsSecuritySuite |
RogueAntiSpyware.WindowsSecuritySuite is a rogue anti-spware program. When installed, it detects false positives and asks the user to purchase the product before cleaning the machine. |
| Threat Category | Description |
 |
A program that downloads files to the local computer that may represent security risk |
 | File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | %CommonAppData%\e4a12b7\82.mof | 146 bytes | MD5: 0x2227E73680D4287D182B91DB80469E51 SHA-1: 0xB564C8676DDBC73F7BA9E7755E0DECD941088A3B |
(not available) |
| 2 |
%CommonAppData%\e4a12b7\WPe4a1.exe
|
2,339,840 bytes | MD5: 0x065B151E3C2C0C01A63AFAB2E7430B32 SHA-1: 0x6CDD919A150D13C77D542CD634621F8F4E023C5F |
(not available) |
| 3 | %CommonAppData%\WPCDSys\wpcd.cfg | 17,587 bytes | MD5: 0xC29BDE05E660ACD7C9006677C11B0A06 SHA-1: 0xD52B71C57F8C46278BE49C27E70B5A1C2AFA4F5E |
(not available) |
| 4 |
%Temp%\[filename of the sample #1]
[file and pathname of the sample #1] |
215,552 bytes | MD5: 0x87136FC7E41EBE0B122AA98590630EE6 SHA-1: 0xF2EDB0A7FEAE32EE665E76BEC53C8F6B5AF0D671 |
Downloader [Symantec] Trojan-Downloader.Win32.FraudLoad.fpv [Kaspersky Lab]Troj/FakeVir-PE [Sophos]TrojanDownloader:Win32/FakeVimes [Microsoft]Trojan-Downloader.Win32.FraudLoad [Ikarus]Win-Trojan/Fraudload.215552.D [AhnLab] |
 | Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| [filename of the sample #1] | %Temp%\[filename of the sample #1] | 434,176 bytes |
| [filename of the sample #1] | [file and pathname of the sample #1] | 434,176 bytes |
| Process Name | Process Filename | Allocated Size |
| IEXPLORE.EXE | %ProgramFiles%\internet explorer\iexplore.exe | 6,471,680 bytes |
| WPe4a1.exe | %CommonAppData%\e4a12b7\wpe4a1.exe | 20,480 bytes |
 | Registry Modifications |
 | Other details |
 |
Russian Federation |
 |
United Kingdom |
| Port | Protocol | Process |
| 1087 | TCP | [filename of the sample #1] (%Temp%\[filename of the sample #1]) |
| Remote Host | Port Number |
| 206.53.61.71 | 80 |
| 206.53.61.72 | 80 |
| 206.53.61.74 | 80 |
| 64.213.140.68 | 80 |
| 64.86.133.91 | 80 |
| 64.86.16.170 | 80 |
 | Outbound traffic (potentially malicious) |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2010 ThreatExpert. All rights reserved.