
Looking for Buritos.exe sample

Hi,

Does anybody have a Buritos.exe sample?
Thanks!

i uploaded a copy of

I uploaded a copy of buritos.exe

8a7c0d76e0e8c4d447d88c606f81b6b8

buritos

Thank you for your file.
Do you have another version?
It creates "karina.dat" and inserts it into the "AppInit_DLLs" registry value.

More info on Buritos.exe / Braviax.exe

This malware is a fake alert which downloads a few different rogue apps. Most recently they have been WinReanimator, XPSecurityCenter and XP Antivirus. The infection creates a new beep.sys file in \system32\drivers, replacing the original. Also, either karina.dat or cur629.dat is created, depending on the variant.

This one is tricky to remove. You will need to use early file deletion software to get the .dat files. Failure to do so will cause reinfection.
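
A triage check for the AppInit_DLLs persistence mentioned in this thread, as an added example that is not part of any post: it parses captured `reg query` output and flags entries named karina.dat or cur629.dat, or entries without a .dll extension. The sample output, `example.dll`, and all function names are constructed for illustration.

```python
import ntpath
import re

# File names the thread reports for this family; matching is by name only.
THREAD_NAMES = {"karina.dat", "cur629.dat"}

# Matches the AppInit_DLLs line of `reg query` output (not LoadAppInit_DLLs).
VALUE_RE = re.compile(
    r"^\s*AppInit_DLLs\s+REG_(?:EXPAND_)?SZ[ \t]*(.*)$", re.I | re.M
)

# Constructed sample of `reg query` output for the key that holds the value.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs    REG_SZ    C:\WINDOWS\system32\example.dll,karina.dat
"""


def appinit_entries(reg_output):
    """Return the modules listed in AppInit_DLLs from `reg query` text."""
    entries = []
    for raw in VALUE_RE.findall(reg_output):
        # Windows accepts both spaces and commas as separators in this value.
        entries += [e.strip('"') for e in re.split(r"[ ,]+", raw.strip()) if e]
    return entries


def triage(reg_output):
    """Classify each AppInit_DLLs entry; returns (entry, verdict) pairs."""
    results = []
    for entry in appinit_entries(reg_output):
        name = ntpath.basename(entry).lower()
        if name in THREAD_NAMES:
            verdict = "named-in-thread"
        elif not name.endswith(".dll"):
            verdict = "non-dll-extension"
        else:
            verdict = "review"  # a normal-looking DLL still needs vetting
        results.append((entry, verdict))
    return results


if __name__ == "__main__":
    for entry, verdict in triage(SAMPLE):
        print(f"{verdict:18} {entry}")
```

An empty AppInit_DLLs value yields no entries; anything the check returns should be compared against what is known to be installed on the machine.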

filename or AV-name

The filename buritos.exe can refer to many versions of an executable program/malware.
If I search the internet for the filename, I find two different types of malware:
one is a downloader (KAV-name: Win32.FraudLoad), the other a backdoor (Win32.Small.Eug).

This one is the downloader.

Not sure if this is the sample that TS was searching for.

What I want to say is: it is easier to find a requested sample when you post an AV-name, not just a filename.
You can rename every file to buritos.exe.

buritos

I mean Troj/FakeAle-DQ:
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealedq.html