W32/AutoIt-TJ

Category: Viruses and Spyware    Protection available since: 13 May 2013 09:36:44 (GMT)
Type: Win32 worm    Last updated: 13 May 2013 09:36:44 (GMT)
Prevalence:

Examples of W32/AutoIt-TJ include:

Example 1

File Information

Size: 1019K
SHA-1: 0b2f0df9fb3b6e1a99a924c450926a5cbd3c0ff1
MD5: 6105a781bb23670f7c28a362380c4bd4
CRC-32: 8c83f5d4
File type: Windows executable
First seen: 2013-05-13

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\bal.jpg
    Size: 50K
    SHA-1: ea1ceec6b90bb97cc74979006bfedc0bdf3c3c7a
    MD5: fafa052e1801744d5b93dcafcfaadd58
    CRC-32: c19d119a
    File type: JPEG Interchange Format
    First seen: 2013-05-13
  • c:\Documents and Settings\test user\Application Data\Xoovg\pamy.tmp
    Size: 563
    SHA-1: 03e95b90641061b1c0ba097503fc911e7a5d00e9
    MD5: 6db52fd5dc7a92a700d2ea3f30b25f31
    CRC-32: 52557e3c
    File type: Unspecified binary - probably data
    First seen: 2013-05-13
  • c:\Documents and Settings\test user\Application Data\Xoovg\pamy.kya
    Size: 477
    SHA-1: 61aaafcc51d1354d741de1dd7a3280aca98a70cc
    MD5: f3b88dd0682c5c7c3b78c8c3bbdee4ba
    CRC-32: afcb1fbe
    File type: Unspecified binary - probably data
    First seen: 2013-05-13
  • c:\Documents and Settings\test user\Application Data\Ynynxy\yval.exe
    Size: 1019K
    SHA-1: 6c26707f0cb8d29d9d5fd376ab541d308fd18218
    MD5: c649991107109af54ccd83310334a1ab
    CRC-32: 47cfe921
    File type: Windows executable
    First seen: 2013-05-13
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Identities
    Identity Login = 0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {6963B866-C696-D64B-728A-4E976E2393F0} = "c:\Documents and Settings\test user\Application Data\Ynynxy\yval.exe"
  • HKCU\Software\Microsoft\Ipyq
    Lyci = (binary data; value not rendered)
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp = 82 a1 80 24 8b 4f ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609 = 0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count = 0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609 = 0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\ynynxy\yval.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\rundll32.exe
HTTP Requests
  • http://kalman.ch/mysite/images/fotok/blz/config.bin
DNS Requests
  • kalman.ch

Example 2

File Information

Size: 1019K
SHA-1: 6c26707f0cb8d29d9d5fd376ab541d308fd18218
MD5: c649991107109af54ccd83310334a1ab
CRC-32: 47cfe921
File type: Windows executable
First seen: 2013-05-13
