Troj/Autoit-XT

Category: Viruses and Spyware
Type: Trojan
Protection available since: 16 Sep 2013 10:07:51 (GMT)
Last Updated: 16 Sep 2013 10:07:51 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Autoit-XT include:

Example 1

File Information

Size
1.2M
SHA-1
01ff42786610f541a3dc03e21cf3feda6a6bf705
MD5
8080433f00ee8f291f7b80f2867d04c0
CRC-32
30b2837f
File type
application/x-ms-dos-executable
First seen
2013-09-15

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\f.txt
    Size
    139K
    SHA-1
    15ade03782e624bb076500bcbf3766b5dbb92118
    MD5
    513111067201304a681b081fa35a69f0
    CRC-32
    5f89994b
    File type
    Unspecified binary - probably data
    First seen
    2013-09-16
  • c:\Documents and Settings\test user\Application Data\Opybh\geno.exe
    Size
    1.2M
    SHA-1
    9933f9373eaa6220ec5c4c06a5e751fd3dee35be
    MD5
    9e65fae2bbb9fbc2a1d0b87c13504839
    CRC-32
    b5c4cb45
    File type
    Windows executable
    First seen
    2013-09-16
  • c:\Documents and Settings\test user\Application Data\Byev\zoyxl.umo
    Size
    477
    SHA-1
    43e86fd50d00154abec6dddc069bf2febca9b4c3
    MD5
    bf7f6d373980aeeb7dcfe292121b5e3b
    CRC-32
    5e31cc5e
    File type
    Unspecified binary - probably data
    First seen
    2013-09-16
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Ifdoq
    Kuykkofah
    (binary value, not printable)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {D4B0A39F-55A5-9B3E-5188-15C11BCC2D96}
    "c:\Documents and Settings\test user\Application Data\Opybh\geno.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    ec bf 25 db 8e b2 ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\opybh\geno.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://185.12.46.102/admin-biz/server/format.bin
  • http://cryptercoder.com/fun.txt
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
IP Connections
  • 185.12.46.102:80
DNS Requests
  • cryptercoder.com
  • www.google.bg
  • www.google.com
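A hunt script for the indicators above, as an added example that is not part of the Sophos analysis: it takes the file hashes, dropped-file paths, the Run-key persistence entry, the HKCU\Software\Microsoft\Ifdoq key and the network destinations from the Example 1 runtime analysis and matches them against host telemetry events. The event schema and the SAMPLE_EVENTS are constructed for the example. Two points worth noting when reading the report: the geno.exe dropped in Example 1 has the same SHA-1 and MD5 as the Example 2 file, so one hash set covers both, and www.google.bg / www.google.com appear in the HTTP and DNS lists but are far too common to alert on, so the script reports them as context only.

```python
"""Match the Troj/Autoit-XT indicators from the runtime analysis above against
host telemetry.  Added example; the event schema and SAMPLE_EVENTS are constructed."""
from urllib.parse import urlparse

# Hashes copied from the report (Example 1 sample and its dropped files).
SHA1_HASHES = {
    "01ff42786610f541a3dc03e21cf3feda6a6bf705": "Example 1 sample",
    "15ade03782e624bb076500bcbf3766b5dbb92118": "dropped Temp\\f.txt",
    "9933f9373eaa6220ec5c4c06a5e751fd3dee35be": "dropped Opybh\\geno.exe (same hash as Example 2)",
    "43e86fd50d00154abec6dddc069bf2febca9b4c3": "dropped Byev\\zoyxl.umo",
}
MD5_HASHES = {
    "8080433f00ee8f291f7b80f2867d04c0": "Example 1 sample",
    "513111067201304a681b081fa35a69f0": "dropped Temp\\f.txt",
    "9e65fae2bbb9fbc2a1d0b87c13504839": "dropped Opybh\\geno.exe (same hash as Example 2)",
    "bf7f6d373980aeeb7dcfe292121b5e3b": "dropped Byev\\zoyxl.umo",
}
# Dropped-file paths kept as profile-relative suffixes so they match both the
# XP-era "Application Data" layout in the report and a Vista+ AppData layout.
PATH_SUFFIXES = (r"\opybh\geno.exe", r"\byev\zoyxl.umo", r"\temp\f.txt")
RUN_KEY = r"hkcu\software\microsoft\windows\currentversion\run"
RUN_VALUE = "{d4b0a39f-55a5-9b3e-5188-15c11bcc2d96}"
CONFIG_KEY = r"hkcu\software\microsoft\ifdoq"
# Network destinations: the two C2-looking ones alert; the Google hosts are also
# in the report but are far too common to alert on, so they are context only.
NETWORK_HIGH = {"185.12.46.102", "cryptercoder.com"}
NETWORK_INFO = {"www.google.bg", "www.google.com"}


def _norm(s):
    """Lower-case and use backslashes so paths and keys compare case-insensitively."""
    return (s or "").replace("/", "\\").lower()


def match_event(ev):
    """Return [(confidence, reason), ...] for one telemetry event dict."""
    hits = []
    kind = ev.get("type")
    if kind == "file":
        sha1, md5 = (ev.get("sha1") or "").lower(), (ev.get("md5") or "").lower()
        if sha1 in SHA1_HASHES:
            hits.append(("high", "SHA-1 match: " + SHA1_HASHES[sha1]))
        elif md5 in MD5_HASHES:
            hits.append(("high", "MD5 match: " + MD5_HASHES[md5]))
        path = _norm(ev.get("path"))
        for suffix in PATH_SUFFIXES:
            if path.endswith(suffix):
                hits.append(("medium", "dropped-file path " + suffix))
    elif kind == "registry":
        key, name, data = _norm(ev.get("key")), _norm(ev.get("value")), _norm(ev.get("data"))
        if key == CONFIG_KEY:
            hits.append(("high", "malware config key HKCU\\Software\\Microsoft\\Ifdoq"))
        if key == RUN_KEY and (name == RUN_VALUE or r"\opybh\geno.exe" in data):
            hits.append(("high", "Run-key persistence for Opybh\\geno.exe"))
    elif kind in ("dns", "http"):
        host = ev.get("query") if kind == "dns" else urlparse(ev.get("url", "")).hostname
        host = (host or "").lower()
        if host in NETWORK_HIGH:
            hits.append(("high", "contact with " + host))
        elif host in NETWORK_INFO:
            hits.append(("info", "report-listed but common host " + host))
    return hits


def scan(events):
    """Run match_event over an event list; returns [(event index, confidence, reason), ...]."""
    return [(i, conf, why) for i, ev in enumerate(events) for conf, why in match_event(ev)]


# Constructed telemetry, not from the report: a Vista+-style profile layout.
SAMPLE_EVENTS = [
    {"type": "file", "path": r"C:\Users\alice\AppData\Roaming\Opybh\geno.exe",
     "sha1": "9933f9373eaa6220ec5c4c06a5e751fd3dee35be"},
    {"type": "file", "path": r"C:\Users\alice\AppData\Local\Temp\f.txt",
     "md5": "513111067201304a681b081fa35a69f0"},
    {"type": "file", "path": r"C:\Windows\System32\notepad.exe", "sha1": "0" * 40},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "{D4B0A39F-55A5-9B3E-5188-15C11BCC2D96}",
     "data": r'"C:\Users\alice\AppData\Roaming\Opybh\geno.exe"'},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Ifdoq", "value": "Kuykkofah"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive", "data": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "http", "url": "http://185.12.46.102/admin-biz/server/format.bin"},
    {"type": "dns", "query": "cryptercoder.com"},
    {"type": "dns", "query": "www.google.com"},
]

if __name__ == "__main__":
    for idx, conf, why in scan(SAMPLE_EVENTS):
        print(f"[{conf:6}] event {idx}: {why}")
```

The hash match is the strongest signal and is checked first; the path suffixes and the GUID-named Run value are weaker on their own because a repacked build can change hashes while keeping the same drop locations, which is exactly why both kinds of indicator are kept. Any hit on the Ifdoq key or the Run entry should prompt collecting the referenced geno.exe for hashing rather than relying on the path alone.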

Example 2

File Information

Size
1.2M
SHA-1
9933f9373eaa6220ec5c4c06a5e751fd3dee35be
MD5
9e65fae2bbb9fbc2a1d0b87c13504839
CRC-32
b5c4cb45
File type
Windows executable
First seen
2013-09-16
