Anti-Virus-1: new fake antivirus

Posted: February 20th, 2009 | Tags: Fake antivirus, Rogue |

Sites that distribute this:
Av1-site info
Av1-download info

Anti-Virus	Version	Last Update	Result
a-squared	4.0.0.93	2009.02.20	Trojan-Dropper.Agent!IK
AhnLab-V3	2009.2.20.1	2009.02.20	-
AntiVir	7.9.0.85	2009.02.20	-
Authentium	5.1.0.4	2009.02.20	-
Avast	4.8.1335.0	2009.02.19	-
AVG	8.0.0.237	2009.02.20	-
BitDefender	7.2	2009.02.20	-
CAT-QuickHeal	10.00	2009.02.20	-
ClamAV	0.94.1	2009.02.20	-
Comodo	983	2009.02.20	-
DrWeb	4.44.0.09170	2009.02.20	-
eSafe	7.0.17.0	2009.02.19	-
eTrust-Vet	31.6.6367	2009.02.20	-
F-Prot	4.4.4.56	2009.02.19	-
F-Secure	8.0.14470.0	2009.02.20	Trojan:W32/Fakexpa.B
Fortinet	3.117.0.0	2009.02.20	-
GData	19	2009.02.20	-
Ikarus	T3.1.1.45.0	2009.02.20	Trojan-Dropper.Agent
K7AntiVirus	7.10.638	2009.02.20	-
Kaspersky	7.0.0.125	2009.02.20	Trojan-Downloader.Win32.Agent.bido
McAfee	5530	2009.02.19	-
McAfee+Artemis	5530	2009.02.19	Generic!Artemis
Microsoft	1.4306	2009.02.20	Trojan:Win32/FakeXPA
NOD32	3873	2009.02.20	-
Norman	6.00.06	2009.02.20	W32/DLoader.NMHG
nProtect	2009.1.8.0	2009.02.20	-
Panda	10.0.0.10	2009.02.20	Suspicious file
PCTools	4.4.2.0	2009.02.20	Trojan-Downloader.MisleadApp!sd6
Prevx1	V2	2009.02.20	Medium Risk Malware
Rising	21.17.42.00	2009.02.20	-
SecureWeb-Gateway	6.7.6	2009.02.20	-
Sophos	4.39.0	2009.02.20	-
Sunbelt	3.2.1855.2	2009.02.17	-
Symantec	10	2009.02.20	Downloader.MisleadApp
TheHacker	6.3.2.3.261	2009.02.20	-
TrendMicro	8.700.0.1004	2009.02.20	Cryp_FakeAV-11
VBA32	3.12.10.0	2009.02.20	-
ViRobot	2009.2.20.1617	2009.02.20	Trojan.Win32.Downloader.70144.BQ
VirusBuster	4.5.11.0	2009.02.20	-

Additional information
File size: 70144 bytes
MD5…: 27a882668aeda52450ef78a0d6e42a30
SHA1..: 1b0a845fe34d12e67ea24054c787e55167506bce
SHA256: ffa605e5eb4e1a4f9632258388ff2e85617905ca3a4392657846c9eb9f661982
SHA512: 323aab3dc18506a68facfedf24e2726a997139b2f6094fec24a16ff84a74420b a944a2c430ee9fffe5cb0b03139c921337e9dfd2e82e872058839251d32f3d28
ssdeep: 1536:luw9CaLG6L+vJ4s/6kkHr/C1RGi5Y7A0xoJ:jRG6L+lTk2bGi5YPxo
PEiD..: -
TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0×402251 timedatestamp…..: 0×4999a598 (Mon Feb 16 17:42:48 2009) machinetype…….: 0×14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0×1000 0×712c 0×7200 6.58 c760987fe39e0977bcae5d0c40b9848d .rdata 0×9000 0×2c9c 0×2e00 5.30 59d80ef15a167957ec0394e308051ddd .data 0xc000 0×21bc 0xe00 2.47 6ee4b8914cc69f76588bb18764af2e5e .rsrc 0xf000 0×4a10 0×4c00 5.60 99580890a59ec945f09e20510f4b8e97 .reloc 0×14000 0×1390 0×1400 3.84 73b76a54072e077b2e7ad5a4720332cb ( 7 imports ) > WININET.dll: InternetReadFile, InternetQueryDataAvailable, InternetErrorDlg, HttpSendRequestW, HttpOpenRequestW, InternetCloseHandle, InternetConnectW, InternetOpenW > SHLWAPI.dll: PathAppendW > WINHTTP.dll: WinHttpReceiveResponse, WinHttpSendRequest, WinHttpOpenRequest, WinHttpConnect, WinHttpOpen, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpCloseHandle > KERNEL32.dll: GetStringTypeA, WideCharToMultiByte, GetLocaleInfoA, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, ExitProcess, MultiByteToWideChar, GetStringTypeW, GetLastError, CreateProcessW, CloseHandle, OpenMutexW, CreateMutexW, GetModuleFileNameW, CreateFileW, SetFilePointer, ReadFile, WriteFile, LoadLibraryA, RtlUnwind, LCMapStringA, LCMapStringW, CreateDirectoryW, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, HeapSize, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RaiseException, DeleteCriticalSection, EnterCriticalSection, VirtualFree, VirtualAlloc, HeapReAlloc, HeapCreate, GetModuleHandleW, Sleep, GetProcAddress, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId > USER32.dll: GetDesktopWindow, MessageBoxW, LoadStringW > ADVAPI32.dll: RegCreateKeyExW, RegCloseKey, RegSetValueExW, RegOpenKeyExW, RegOpenCurrentUser, RegSetValueExA > SHELL32.dll: SHGetFolderPathW, - ( 0 exports )
ThreatExpert info: <a href=’http://www.threatexpert.com/report.aspx?md5=27a882668aeda52450ef78a0d6e42a30′ target=’_blank’>http://www.threatexpert.com/report.aspx?md5=27a882668aeda52450ef78a0d6e42a30</a>
Prevx info: <a href=’http://info.prevx.com/aboutprogramtext.asp?PX5=953C3FFB0067E148128001B191B327006B2FBD9A’ target=’_blank’>http://info.prevx.com/aboutprogramtext.asp?PX5=953C3FFB0067E148128001B191B327006B2FBD9A</a>