Fandom

Malware Wiki

MicroFake

1,335pages on
this wiki
Add New Page
Comments0 Share

Trojan.Win32.MicroFake.p or MicroFake is a trojan that manipulates the executable "sc.exe".

Payload

After being installed onto the victim, the trojan carries out the following commands with the system utility sc.exe.

sc.exe config wuauserv start= auto
sc.exe config BITS start= demand
sc.exe stop wuauserv
sc.exe config BITS start= disabled
sc.exe config wuauserv start= disabled

The trojan then cancels the launch of the Windows Automatic Update service on startup. It also cancels the automatic launch of the "Background Intelligent Transfer" Service. It will then open the following domain on the Internet Explorer browser, after that, the trojan terminates.

http://windo***pdate.microsoft.com

Technical Details

MD5: 2F0A719F90F423DBC2080803957CEB34
SHA1: 833A0DCC4770C9E982546F772351D316FE4A09BF

Sources

Securelist (Kaspersky Labs), Trojan.Win32.MicroFake.p

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.