W32/Autorun-CAP

Category: Viruses and Spyware
Protection available since: 05 Apr 2013 15:56:52 (GMT)
Type: Win32 worm
Last Updated: 05 Apr 2013 15:56:52 (GMT)
Prevalence: Small Number of Reports

Examples of W32/Autorun-CAP include:

Example 1

File Information

Size: 224K
SHA-1: aa26cf7da005a9d940c4b2346df7499175f2fe4f
MD5: 8e14851fa4bf9e1fae7836adeb6a8150
CRC-32: 165b9a0c
File type: Windows executable
First seen: 2013-04-04

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\igfxhost.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFF77B.tmp
Modified Files
  • C:\INSTALLERS\PerlOLD.zip
    • Changed the file contents
  • C:\INSTALLERS\SLext32.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\SAMPLE1.XLS
    • Changed the file contents
  • C:\gnu\man.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT3.XLS
    • Changed the file contents
  • C:\gnu\contrib.zip
    • Changed the file contents
  • C:\INSTALLERS\2010-06-10-c_bin-trimmed.zip
    • Changed the file contents
  • C:\INSTALLERS\Win32-GuiTest-1.59-made.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT4.XLS
    • Changed the file contents
  • C:\INSTALLERS\configuresav-oa-off-on.zip
    • Changed the file contents
  • C:\INSTALLERS\ole_MM.zip
    • Changed the file contents
  • C:\INSTALLERS\goat_bin_save_hips_kmd-test1bin.zip
    • Changed the file contents
  • C:\bin\misc\bin_pe_files.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT8.XLS
    • Changed the file contents
  • C:\bin\OLD\configuresav.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT1.XLS
    • Changed the file contents
  • C:\gnu\include.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT2.XLS
    • Changed the file contents
  • C:\INSTALLERS\SLext32-2.zip
    • Changed the file contents
  • C:\INSTALLERS\Perlfresh.zip
    • Changed the file contents
  • C:\INSTALLERS\Win32-GuiTest-1.59.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\sample1.doc
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT7.XLS
    • Changed the file contents
  • C:\INSTALLERS\mm-libs-jh.zip
    • Changed the file contents
  • C:\INSTALLERS\Contig.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT9.XLS
    • Changed the file contents
  • C:\gnu\manifest.zip
    • Changed the file contents
  • C:\gnu\info.zip
    • Changed the file contents
  • C:\INSTALLERS\Win32-Screenshot-1.20-made.zip
    • Changed the file contents
  • C:\bin\OLD\drivers.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT5.XLS
    • Changed the file contents
  • C:\INSTALLERS\bin-goatxp-2010-06-07-tidy2.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT6.XLS
    • Changed the file contents
  • C:\gnu\doc.zip
    • Changed the file contents
  • C:\INSTALLERS\SysinternalsSuite.zip
    • Changed the file contents
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    DisableRegistryTools
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    igfxhost
    c:\Documents and Settings\test user\igfxhost.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
    LastIndex
    0x00000000
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
    CheckedValue
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
    UncheckedValue
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
    UncheckedValue
    0x00000001

Example 2

File Information

Size: 176K
SHA-1: d4837feae231d7426493b9e4423bf9e9a91c6cb4
MD5: c593545fa1574602cce6c6ea09a52f4e
CRC-32: 45e23db2
File type: application/x-ms-dos-executable
First seen: 2013-04-05

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\igfxhost.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFFBDE.tmp
Modified Files
  • C:\INSTALLERS\mm-libs-jh.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT1.XLS
    • Changed the file contents
  • C:\INSTALLERS\Win32-GuiTest-1.59.zip
    • Changed the file contents
  • C:\INSTALLERS\Contig.zip
    • Changed the file contents
  • C:\INSTALLERS\SLext32-2.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT5.XLS
    • Changed the file contents
  • C:\gnu\manifest.zip
    • Changed the file contents
  • C:\INSTALLERS\SysinternalsSuite.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT3.XLS
    • Changed the file contents
  • C:\gnu\man.zip
    • Changed the file contents
  • C:\INSTALLERS\configuresav-oa-off-on.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\SAMPLE1.XLS
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT4.XLS
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT6.XLS
    • Changed the file contents
  • C:\INSTALLERS\ole_MM.zip
    • Changed the file contents
  • C:\bin\OLD\configuresav.zip
    • Changed the file contents
  • C:\INSTALLERS\Win32-GuiTest-1.59-made.zip
    • Changed the file contents
  • C:\gnu\doc.zip
    • Changed the file contents
  • C:\bin\OLD\drivers.zip
    • Changed the file contents
  • C:\INSTALLERS\Win32-Screenshot-1.20-made.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\sample1.doc
    • Changed the file contents
  • C:\INSTALLERS\SLext32.zip
    • Changed the file contents
  • C:\INSTALLERS\2010-06-10-c_bin-trimmed.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT9.XLS
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT8.XLS
    • Changed the file contents
  • C:\INSTALLERS\PerlOLD.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT2.XLS
    • Changed the file contents
  • C:\INSTALLERS\bin-goatxp-2010-06-07-tidy2.zip
    • Changed the file contents
  • C:\INSTALLERS\goat_bin_save_hips_kmd-test1bin.zip
    • Changed the file contents
  • C:\gnu\contrib.zip
    • Changed the file contents
  • C:\gnu\include.zip
    • Changed the file contents
  • C:\gnu\info.zip
    • Changed the file contents
  • %MY_DOCUMENTS%\GOAT7.XLS
    • Changed the file contents
  • C:\bin\misc\bin_pe_files.zip
    • Changed the file contents
  • C:\INSTALLERS\Perlfresh.zip
    • Changed the file contents
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
    LastIndex
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    DisableRegistryTools
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    igfxhost
    c:\Documents and Settings\test user\igfxhost.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
    UncheckedValue
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
    UncheckedValue
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
    CheckedValue
    0x00000000
