Examples of HPsus/Autorun-D include:
Example 1
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\feezau.exe
  - Size: 144K
  - SHA-1: 8f8151f6ee1e8b1a5ad873cccdd50cfd2090e41e
  - MD5: 4871517ec1ae315d37daed44e1a9cc9c
  - CRC-32: dd2fb0f5
  - File type: application/x-ms-dos-executable
  - First seen: 2011-09-28
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - feezau
    - c:\Documents and Settings\test user\feezau.exe /u
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  - ShowSuperHidden
    - 0x00000000
DNS Requests
Example 2
File Information
- Size: 128K
- SHA-1: 180f9b281021c300018e33bd80c0ff18363ad0ff
- MD5: 073bd314df28af615ba9a31bd9b5c4dc
- CRC-32: a51bc8d6
- File type: application/x-ms-dos-executable
- First seen: 2011-07-20
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\joeliu.exe
  - Size: 128K
  - SHA-1: d7e04655b8096068818f5d48235725976dbf8519
  - MD5: 2d310f2b7e2f7bfa3f90de8227bebf3b
  - CRC-32: 13b8d145
  - File type: application/x-ms-dos-executable
  - First seen: 2011-09-28
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - joeliu
    - c:\Documents and Settings\test user\joeliu.exe /f
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  - ShowSuperHidden
    - 0x00000000
DNS Requests
Example 3
File Information
- Size: 148K
- SHA-1: 19d99c750e59389546c1bca4f53a64836da1e579
- MD5: 182e1f00d8d91e6d4d0a573b5c032917
- CRC-32: 7d1c24d7
- File type: application/x-ms-dos-executable
- First seen: 2011-08-29
Runtime Analysis
Dropped Files
- F:/Pictures.lnk
  - Size: 371
  - SHA-1: f55fda5c506cb67b39497ba43377acb844db5339
  - MD5: 874a6f5de75e477d2c1fa4ad5d83aab9
  - CRC-32: eacb4398
  - File type: application/octet-stream
  - First seen: 2011-09-28
- F:/seL.ico
  - Size: 2.2K
  - SHA-1: 449fd23520cacf57c39c3d26ab94ff23fcbad38b
  - MD5: 8ddc8a55a24272ad6663389731bb265f
  - CRC-32: 666d0500
  - File type: Icon for 32-bit Windows
  - First seen: 2011-01-21
- F:/Music.lnk
  - Size: 365
  - SHA-1: fad2274242537afa9e919bf9e08dd1514166f54f
  - MD5: 46ac0ba1229914412332b8c5a8d37ae9
  - CRC-32: 634127fe
  - File type: application/octet-stream
  - First seen: 2011-09-28
- F:/faneg.exe
  - Size: 148K
  - SHA-1: 34a17b4f2accc383fedd5b9f631442e8a4ee49eb
  - MD5: b5849e9e67bab806b0e41214d045d21b
  - CRC-32: f0bf4ba7
  - File type: application/x-ms-dos-executable
  - First seen: 2011-09-28
- F:/fanegx.exe
  - Size: 148K
  - SHA-1: 6990b14f3514e2f1ceb21b7871886cba8b6132d5
  - MD5: a36b7260d336c5979f96e2104410440a
  - CRC-32: 66676eee
  - File type: application/x-ms-dos-executable
  - First seen: 2011-09-28
- F:/New Folder.lnk
  - Size: 375
  - SHA-1: 3b90577ed3be8b418a721dd88c487d8876add4f8
  - MD5: ee8d46f266f88c7003854c1af2186a40
  - CRC-32: 905f8815
  - File type: application/octet-stream
  - First seen: 2011-09-28
- F:/Passwords.lnk
  - Size: 373
  - SHA-1: 7235617591d63ff5c05ef72a14636662790dc88e
  - MD5: 42be7add737faee9979d3db89fbd6402
  - CRC-32: 4f3ce6b3
  - File type: application/octet-stream
  - First seen: 2011-09-28
- F:/Video.lnk
  - Size: 365
  - SHA-1: 5c15e12d058232079f9d103d5e92de81e8b45f33
  - MD5: 1b171f97e42648036ac74aadd1b7c00d
  - CRC-32: 450c1aa1
  - File type: application/octet-stream
  - First seen: 2011-09-28
- F:/Documents.lnk
  - Size: 373
  - SHA-1: 6a065c6251cf98a00ad60b238b5e417e9545a95f
  - MD5: f19ee03450848854f1a09f3df1db3f0c
  - CRC-32: 938318d9
  - File type: application/octet-stream
  - First seen: 2011-09-28
- c:\Documents and Settings\test user\faneg.exe
  - Size: 148K
  - SHA-1: 6990b14f3514e2f1ceb21b7871886cba8b6132d5
  - MD5: a36b7260d336c5979f96e2104410440a
  - CRC-32: 66676eee
  - File type: application/x-ms-dos-executable
  - First seen: 2011-09-28
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - faneg
    - c:\Documents and Settings\test user\faneg.exe /O
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  - ShowSuperHidden
    - 0x00000000
Processes Created
- c:\Documents and Settings\test user\faneg.exe
DNS Requests