W32/Autorun-BHC

Category:	Viruses and Spyware	Protection available since:	01 Sep 2010 07:14:53 (GMT)
Type:	Win32 worm	Last Updated:	02 Sep 2010 06:03:52 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of W32/Autorun-BHC include:

Example 1

File Information

Size: 184K
SHA-1: 009ed21caecb6b8f3a10f0cad3d155d79c35337a
MD5: ee8ad04b717a09f3f3b44038c1d8cd28
CRC-32: 8734b04d
File type: application/x-ms-dos-executable
First seen: 2010-08-31

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Local Settings\Temp\1f43_appcompat.txt
F:/Passwords.lnk
Size
378
SHA-1
8b784227a7c99966b20fb7f0a44e0145778c3985
MD5
7952e4d1642cb81efc874575b71e889c
CRC-32
f8653608
File type
application/octet-stream
First seen
2010-08-31
F:/weaxie.exe
Size
184K
SHA-1
d3f2cebacdaa1120b8a1a06fdda78a03dff7eed0
MD5
ca6d9b6db67c34932d215b1a757eabae
CRC-32
3ed5ed47
File type
application/x-ms-dos-executable
First seen
2010-08-31
c:\Documents and Settings\test user\weaxie.exe
Size
184K
SHA-1
265c30dd0ae215fcbc1a960894604b59bebafb07
MD5
b1b1095c2d1fef49264575f65108164d
CRC-32
5492af73
File type
application/x-ms-dos-executable
First seen
2010-08-31
F:/weaxiex.exe
Size
184K
SHA-1
265c30dd0ae215fcbc1a960894604b59bebafb07
MD5
b1b1095c2d1fef49264575f65108164d
CRC-32
5492af73
File type
application/x-ms-dos-executable
First seen
2010-08-31
F:/Documents.lnk
Size
378
SHA-1
8d09ce88f80265699b0c02466b360c994bf023c1
MD5
136ba06e615fd2731ac30a6a2c1a3581
CRC-32
61d9fc4f
File type
application/octet-stream
First seen
2010-08-31
F:/Music.lnk
Size
370
SHA-1
ea354ad6d8f4b4c9c6456e8c4d4f5c421dfc20ba
MD5
b161ea589f89e0b3109c747cb3e2bc44
CRC-32
c02a20e8
File type
application/octet-stream
First seen
2010-08-31
F:/New Folder.lnk
Size
380
SHA-1
7ddfba9068c80d7410e3abe1b97886b515844a1b
MD5
496d5109c37f4fb89bb60bdffc858613
CRC-32
394f31ca
File type
application/octet-stream
First seen
2010-08-31
F:/autorun.inf
Size
125
SHA-1
a404c0bc00639351d7b5931699b9d8bbe7347b08
MD5
937bac76c2ea8045799c2c4114ef2f4b
CRC-32
688c46d8
File type
application/octet-stream
First seen
2010-08-31
F:/Pictures.lnk
Size
376
SHA-1
3f7e490e22ac53565ccabc96c941b18f8eeb2f5a
MD5
92647feab607ea0ca9a88b0badff02ac
CRC-32
68c8722b
File type
application/octet-stream
First seen
2010-08-31
F:/Video.lnk
Size
370
SHA-1
8f2e62155f2a7e546c44afc3ed4638857bff11bd
MD5
aa719b2eda93f56f7a937e85b3fbccb0
CRC-32
81f91259
File type
application/octet-stream
First seen
2010-08-31

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
weaxie
c:\Documents and Settings\test user\weaxie.exe /l

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0x00000000

Processes Created

c:\documents and settings\support\weaxie.exe

DNS Requests

ns1.codeconline.biz

Example 2

File Information

Size: 204K
SHA-1: 022574372de917dc498930d1fad188a651505474
MD5: 4085296e5843f542467ce3ca8aa401c9
CRC-32: 9b0b0983
File type: application/x-ms-dos-executable
First seen: 2010-09-02

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\piekoi.exe
Size
204K
SHA-1
97b0714f14ec309fb989716e14097ef0e65b3f43
MD5
ff55c69d7b2239b9674173caf39d2842
CRC-32
a84acff4
File type
application/x-ms-dos-executable
First seen
2010-09-02

DNS Requests

ns1.codeconline.biz

Example 3

File Information

Size: 313K
SHA-1: 033b700b1e40e08ec3916e20584f64e7020cd739
MD5: 613985504a8d962a96bec7b7b7610967
CRC-32: c70de152
File type: application/x-ms-dos-executable
First seen: 2010-08-30

Other vendor detection

Avira: Worm/VBNA.anee
Kaspersky: Worm.Win32.VBNA.anee

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\usmon.exe
Size
184K
SHA-1
dc9b7fa1cec80c467bd6912af5932a15844bc63c
MD5
77d3864f557d3ed344df87fb9b15f728
CRC-32
d9cdf803
File type
application/x-ms-dos-executable
First seen
2010-08-30
c:\Documents and Settings\test user\pemon.exe
Size
72K
SHA-1
ca7b2e7e10168978758c964b917fa87c441ff174
MD5
ed360e77ffee308d5b3cf15ab815a1f7
CRC-32
e999ffa3
File type
application/x-ms-dos-executable
First seen
2010-08-30
c:\Documents and Settings\test user\sbmon.exe
Size
80K
SHA-1
6afe44929accdbbe7976eb21a82465075317ecfd
MD5
f9dd831093a02e011fc186d0812bcd42
CRC-32
8badcb6d
File type
application/x-ms-dos-executable
First seen
2010-08-30
c:\Documents and Settings\test user\immon.exe
Size
108K
SHA-1
cb47d14726eadfe0c52a82b8b5735afdaf5de1c4
MD5
b0dca2020ca99a164c3b7dcff61ada9b
CRC-32
1cdac3f7
File type
application/x-ms-dos-executable
First seen
2010-08-27

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Administrative Tools
c:\Documents and Settings\test user\Start Menu\Programs\Administrative Tools

Try Sophos products for free
Download now

W32/Autorun-BHC

Example 1

File Information

Runtime Analysis

Dropped Files

Registry Keys Created

Registry Keys Modified

Processes Created

DNS Requests

Example 2

File Information

Runtime Analysis

Dropped Files

DNS Requests

Example 3

File Information

Other vendor detection

Runtime Analysis

Dropped Files

Registry Keys Modified

Free Mac Anti-Virus

Popular topics