Submission Summary:

What's been foundSeverity Level
Downloads/requests other files from Internet.
Contains characteristics of an identified security risk.


Technical Details:


Possible Security Risk

Threat CategoryDescription
A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment


File System Modifications

#Filename(s)File SizeFile HashAlias
1 %CommonPrograms%\Anti-Virus Professional\Anti-Virus Professional .lnk 792 bytes MD5: 0x9C08A82B7E2A4EE831DBD5ED729E057C
SHA-1: 0xA35D51190DFD4511722AC1E6FFDA168DC1AFA54C
(not available)
2 %CommonPrograms%\Anti-Virus Professional\Uninstall Anti-Virus Professional .lnk 717 bytes MD5: 0x76714CF658F4BB150459541BA3912452
SHA-1: 0x0A82776833008A1B755139A91AC75E59D22B002C
(not available)
3 %DesktopDir%\Anti-Virus Professional.lnk 862 bytes MD5: 0xF5BABF5217BC5C374BCC7A4A740C3472
SHA-1: 0x0E665E03BF0F007894445E9C24168A2F3BB7C690
(not available)
4 %ProgramFiles%\Anti-Virus Professional\Anti-Virus Professional.exe 1,699,488 bytes MD5: 0x91817DFD2579CAE93B6D6890371673D2
SHA-1: 0xB9DBA0263F4E66D34B41AC9CC73A9E4F144297FE
Trojan.Win32.FraudPack.vml [Kaspersky Lab]
Trojan.Win32.FakeAV [Ikarus]
5 %ProgramFiles%\Anti-Virus Professional\ 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
(not available)
6 %ProgramFiles%\Anti-Virus Professional\nutilities.dll 131,072 bytes MD5: 0x8B8464D090D814566269D9BB3FA8DDE3
SHA-1: 0x1476CCB4E616B58BFC316D513478B58CFC05D781
(not available)
7 %ProgramFiles%\Anti-Virus Professional\unins000.dat 4,124 bytes MD5: 0xED754FF9F91CE76BB5327E1687CB9DEE
SHA-1: 0x485E76C3CD03FEC2E87920B4F88E29BE7ABE5291
(not available)
8 %ProgramFiles%\Anti-Virus Professional\unins000.exe 685,338 bytes MD5: 0xF42846F6C3A385C8A0AF5119FA9DA978
SHA-1: 0x35FC23F82B131359C36C903769D21E50644EDB94
(not available)
9 %ProgramFiles%\Anti-Virus Professional\UninstlDll.dll 389,120 bytes MD5: 0x3DC9A849E555C85EC64F77ED532659BB
SHA-1: 0xB4EE43A87894300218D730E037CAC4E5EB94941A
Trojan.SuspectCRC [Ikarus]
10 [file and pathname of the sample #1] 2,431,232 bytes MD5: 0xF740DE8052F0E8E89624414066CE4ED3
SHA-1: 0x5B1564ABF337E437EBFD04A24A9430CD937FB9A4
Trojan.Win32.FraudPack.vml [Kaspersky Lab]
AntiVirusPro [McAfee]
Trojan.Win32.FakeAV [Ikarus]


Registry Modifications


Other details


Remote HostPort Number



All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2015 ThreatExpert. All rights reserved.