HPsus/Autorun-E

Category: Suspicious behavior and suspicious files
Protection available since: 13 Apr 2012 19:05:55 (GMT)
Type: Suspicious file
Last updated: 13 Apr 2012 19:05:55 (GMT)

Examples of HPsus/Autorun-E include:

Example 1

File Information

Size: 37K
SHA-1: 181cfc3ac97b6ea0b8fe25e184050ff77afc5d0c
MD5: c99bb1407282f36a20fd4a404e52606f
CRC-32: bd3a68c4
File type: application/x-ms-dos-executable
First seen: 2012-03-07

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\sadrive32.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Microsoft Driver Setup
    C:\WINDOWS\sadrive32.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Microsoft Driver Setup
    C:\WINDOWS\sadrive32.exe

Example 2

File Information

Size: 30K
SHA-1: 3f8372062838d82e90c3a585c469ff23c92c986a
MD5: ea28fa5415f881f7bdfd02228d7d37c0
CRC-32: a8ad7662
File type: application/x-ms-dos-executable
First seen: 2012-02-20

Other vendor detection

Kaspersky: Worm.Win32.Ngrbot.kpb

Runtime Analysis

Copies Itself To
  • F:/RECYCLER/R-1-5-21-1482476501-1644491937-682003330-1013/ecleaner.exe
Dropped Files
  • F:/RECYCLER/R-1-5-21-1482476501-1644491937-682003330-1013/Desktop.ini
Modified Files
  • C:\RECYCLER
    • Set the readonly flag
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Taskman
    c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe
DNS Requests
  • d.homler.net

Example 3

File Information

Size: 23K
SHA-1: 67400919ed7157aefb48d8b0825695e9bcfd5d98
MD5: f19bac38327ced646caf00385812400b
CRC-32: 72e2794a
File type: application/x-ms-dos-executable
First seen: 2012-02-13

Other vendor detection

Kaspersky: Backdoor.Win32.Floder.gqe

Runtime Analysis

Copies Itself To
  • F:/RECYCLER/R-1-5-21-1482476501-1644491937-682003330-1013/ecleaner.exe
Dropped Files
  • F:/RECYCLER/R-1-5-21-1482476501-1644491937-682003330-1013/Desktop.ini
Modified Files
  • C:\RECYCLER
    • Set the readonly flag
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Taskman
    c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe
DNS Requests
  • d.homler.net
