W32/Autorun-BHH

Category: Viruses and Spyware Protection available since:04 Sep 2010 10:01:09 (GMT)
Type: Win32 worm Last Updated:04 Sep 2010 10:01:09 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Autorun-BHH exhibits the following characteristics:

File Information

Size
1.4M
SHA-1
a84e168c07e12dbf32496454092fb08c0f74c0e9
MD5
87870a200a155facf1c33badbfeeb14f
CRC-32
08dbced2
File type
application/x-ms-dos-executable
First seen
2010-08-29

Other vendor detection

Avira
TR/Scar.cqxq
Kaspersky
Trojan.Win32.Scar.cqxq

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\msmgr.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\autorun.inf
    Size
    51
    SHA-1
    aa043f6d66508a84ccf55093afc306d9c11e513b
    MD5
    6a3a011c1da967ef419962a04fc9be48
    CRC-32
    38f8f0a9
    File type
    application/octet-stream
    First seen
    2010-08-20
  • c:\Documents and Settings\test user\Application Data\Microsoft\Protect\autorun.inf
    Size
    51
    SHA-1
    aa043f6d66508a84ccf55093afc306d9c11e513b
    MD5
    6a3a011c1da967ef419962a04fc9be48
    CRC-32
    38f8f0a9
    File type
    application/octet-stream
    First seen
    2010-08-20
  • C:\Documents and Settings\All Users\Application Data\temp_ADS_AlternateDataStream_Found_0c7055df
    Size
    114
    SHA-1
    061e4d967d23972b759dfa1ddb096681e388752f
    MD5
    a3d0c9e496f388a6f2a14b680cc5ed02
    CRC-32
    84f0cdfe
    File type
    application/octet-stream
    First seen
    2010-09-04
Registry Keys Created
  • HKCR\CLSID\{C1880769-A9C5-B80A-A24C-F21835292CDA}
    twumyut
    ]IUmajPEcjrspvP
  • HKCR\CLSID\{C1880769-A9C5-B80A-A24C-F21835292CDA}\InprocServer32
    (Default)
    C:\WINDOWS\system32\scrrun.dll
  • HKCR\CLSID\{C1880769-A9C5-B80A-A24C-F21835292CDA}\ProgID
    (Default)
    ASP.HostEncode
  • HKLM\SOFTWARE\Licenses
    {0B1623D21E1572F4B}
    56 3e a8 0e 0b a2 a7 a6 41 06 53 98 93 a3 44 a3 73 28 91 6e d8 b6 05 a1 99 e8 09 9b 1f b1 5a 23 d6 f3 ab 33 ef d2 e7 63 5c b9 ad 41 db fd dd 63 cc ee 17 55 6c 9f 09 bc eb 2d c1 61 29 36 ac 15 16 96 2e 7d 2b bd d1 2d 8e 14 01 a8 60 5d 71 8f 00 0e ef a3 e1 ba 68 d1 8b 79 97 39 0f 93 48 5d 6e a7 3f c8 60 f7 a4 6a 08 fd a0 64 22 5c a6 ef 30 19
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MSN
    c:\Documents and Settings\test user\Application Data\msmgr.exe
Processes Created
  • c:\documents and settings\support\application data\msmgr.exe
DNS Requests
  • irc.undegroundworld.com

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy