W32/Autorun-CAL

Kategorie: Viren und Spyware Schutz verfügbar seit:22 Mrz 2013 00:05:16 (GMT)
Typ: Win32 worm Zuletzt aktualisiert:22 Mrz 2013 04:40:44 (GMT)
Verbreitung:

Download Kostenloses Virus Removal Tool downloaden – Finden Sie Bedrohungen, die Ihre Virenschutzsoftware übersehen hat

Examples of W32/Autorun-CAL include:

Example 1

File Information

Size
1.4M
SHA-1
111f4e60cda96b25ef8411c47d57678e8c97e62e
MD5
1d5155f15790c548b609bfcc6e880e69
CRC-32
488bedbd
File type
Windows executable
First seen
2013-02-25

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\hsrecorder.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\MMBPlayer\Send.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\MMBPlayer\plugy.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\MMBPlayer\vuros.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\MMBPlayer\Systools.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\MMBPlayer\autorun.inf
Registry Keys Created
  • HKCU\Software\MediaChance\Multimedia Player 4.9.8\memorigetstar
    timerset
    2396
  • HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
    Name
    test_item.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    recorder
    c:\docume~1\support\locals~1\temp\hsrecorder.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\mmbplayer\vuros.exe
  • c:\windows\system32\attrib.exe
  • c:\windows\system32\cmd.exe

Example 2

File Information

File type
Windows executable

Example 3

File Information

File type
Windows executable

Download Sophos Produkte kostenlos testen
Jetzt downloaden