Submission Summary:

What's been foundSeverity Level
Capability to send out email message(s) with the built-in SMTP client engine.
Contains characteristics of an identified security risk.

 

Technical Details:

 

Possible Security Risk

Threat CategoryDescription
A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment

 

File System Modifications

#Filename(s)File SizeFile HashAlias
1 %CommonPrograms%\Windows Problems Stopper.lnk 855 bytes MD5: 0xE3CA8A53D86BF649747C39F257F0ED9D
SHA-1: 0x3A04462345A14F4C4A2CFC06E55D12053EDF44AE
(not available)
2 %AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol 102 bytes MD5: 0x8548AC8F2A90DFEAA7AC7E24BA675533
SHA-1: 0x5EB7CCA867CFC1C21E20EF9B1C969A06A4A63EBF
(not available)
3 %AppData%\Protector-qxl.exe 2,082,816 bytes MD5: 0x9B4E612A7FB7F4FF481C2B96D51C7757
SHA-1: 0xA92B053DBDFFBC2A44417AFA56F1687E1A50283A
Trojan.Gen.2 [Symantec]
FakeAlert-FCG!9B4E612A7FB7 [McAfee]
Mal/FakeAV-MJ, Mal/FakeAV-MJ [Sophos]
Trojan.Win32.FakeAV [Ikarus]
packed with PE_Patch [Kaspersky Lab]
4 %AppData%\result.db 371 bytes MD5: 0xCCE0C6510ECDA48904E73C85FE57DAF7
SHA-1: 0x6B41F25D95685FB619B61EE55ED8839A8E07ADFE
(not available)
5 %DesktopDir%\Windows Problems Stopper.lnk 825 bytes MD5: 0xD742DF97EB21A8E70A22BF98BF38685D
SHA-1: 0xF90E65D5B96BC0F5653AB3D409BB111A527D5AFB
(not available)
6 %System%\d3d8caps.dat 552 bytes MD5: 0xCD58F36EAC393C2D82ED577B68875174
SHA-1: 0x3E72027795BF8B89CD0D16F7D4B9D95436CEA10D
(not available)
7 [file and pathname of the sample #1] 2,207,373 bytes MD5: 0xA1A98DBEEB70483FF83876C5ECCDBFC0
SHA-1: 0x22FE9DB93EAB48C3D5DDAA51167465C09FFE6EF0
Rogue:Win32/FakePAV [Microsoft]

 

Memory Modifications

Process NameProcess FilenameMain Module Size
Protector-qxl.exe%AppData%\protector-qxl.exe4,403,200 bytes

 

Registry Modifications

 

Other details

Germany
Russian Federation

PortProtocolProcess
1034UDPProtector-qxl.exe (%AppData%\Protector-qxl.exe)

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.