Trojan.FakeFlash.A
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 23,937 |
| Threat Level: | 90 % (High) |
| Infected Computers: | 1,436 |
| First Seen: | March 13, 2014 |
| Last Seen: | January 13, 2026 |
| OS(es) Affected: | Windows |
Fake Flash Player updates are among the most common ways of distributing Trojans and other threats. Inexperienced computer users are convinced into downloading these types of fake Flash Player updates through a variety of social engineering tactics. Various security programs detect one of these types of infections like Trojan.FakeFlash.A which may be distributed through social engineering tactics on social media networks. Trojan.FakeFlash.A in particular is distributed through Facebook spam that tries to tempt computer users into clicking on corrupted links through the promise of a pornographic video. Malware experts strongly counsel PC users to use common sense and safe browsing techniques to avoid being fooled through these types of attacks.
Table of Contents
The Facebook Strategy Linked to Trojan.FakeFlash.A
When a computer user is infected by a Trojan associated with Trojan.FakeFlash.A, Trojan.FakeFlash.A may use the victim's Facebook account to display Facebook posts and messages that are used by Trojan.FakeFlash.A to spread itself to other computers. Trojan.FakeFlash.A's spam will claim that there are private, raunchy videos of the affected account. Some of the messages used by Trojan.FakeFlash.A may use subject lines or sentences like '[user name] private video,' '[user name] naked video' or 'XXX private video,' taking names from the victim's Facebook friends list.
What Happens When You Click on Trojan.FakeFlash.A Messages?
Clicking on any of the messages or posts listed above, you are taken to a bogus YouTube website that may show that the video has millions of views. However, whenever the computer user tries to view the supposed 'video', an error message shows up. This message alleges that it is paramount to install an update for Flash Player. This supposed Flash Player update actually is Trojan.FakeFlash.A. When installed, Trojan.FakeFlash.A installs a Web browser plugin that takes over the victim's Facebook account in order to display additional Facebook spam and gain access to the victim's pictures and other privileged Facebook data.
Protect yourself from Trojan.FakeFlash.A. If you observe these types of suspicious messages on Facebook, it is important to avoid clicking on them. Notify your Facebook friends if their account is displaying the type of spam associated with a Trojan.FakeFlash.A infection or a similar social engineering threat like this one.
Analysis Report
General information
| Family Name: | Trojan.Autorun.I |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
0cd674adb571ac1330a36c40b48aa1a3
SHA1:
ab10430e6a4ad5e77cfe37536272d7c2e3a4c5dc
SHA256:
8C776E4AD9A0ED33CCAB70BCB338518FCF79205F432A3C0EB4080EC9FF0F3EEF
File Size:
327.24 KB, 327242 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| File Version | 1.00 |
| Internal Name | TJprojMain |
| Original Filename | TJprojMain.exe |
| Product Name | Project1 |
| Product Version | 1.00 |
File Traits
- x86
