W32/VBNA-AF

Category:	Viruses and Spyware	Protection available since:	14 Dec 2012 00:46:40 (GMT)
Type:	Win32 worm	Last Updated:	14 Dec 2012 00:46:40 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of W32/VBNA-AF include:

Example 1

File Information

Size: 84K
SHA-1: df61f573d1eeef0f726852bc802b954fdd0453d8
MD5: 8f78bdfd5f2a8e48aa83ba5478b85ad2
CRC-32: a241fdf3
File type: Windows executable
First seen: 2012-10-27

Runtime Analysis

Dropped Files

F:/Porn.exe
Size
84K
SHA-1
817cfad26a00b95fece035d6d414d36f7c7b8fbc
MD5
f4ede837b2cf3741caaa46b9e36481f0
CRC-32
b32b40db
File type
Windows executable
First seen
2012-10-27
F:/Secret.exe
Size
84K
SHA-1
0c4e9a0c7d02d662c21edc041d3144a3aa8c09dd
MD5
83f6c8de4d49262b332d4e3354cdc248
CRC-32
166b2008
File type
Windows executable
First seen
2012-10-27
c:\Documents and Settings\test user\kouecun.exe
Size
84K
SHA-1
b3fd6e115d8c9c3e263117fa4839668c93d27b3d
MD5
6743013ed9583271d3be3a596bef0b59
CRC-32
c0a7eaaa
File type
Windows executable
First seen
2012-10-27
F:/Sexy.exe
Size
84K
SHA-1
0c4e9a0c7d02d662c21edc041d3144a3aa8c09dd
MD5
83f6c8de4d49262b332d4e3354cdc248
CRC-32
166b2008
File type
Windows executable
First seen
2012-10-27
F:/Passwords.exe
Size
84K
SHA-1
4ffcb7bbe67ed20e831a7e942a0c8aaa33a6ffbd
MD5
9dec4793fc129c73a01be347bcd3d05e
CRC-32
b38de772
File type
Windows executable
First seen
2012-10-27
F:/kouecun.exe
Size
84K
SHA-1
0c4e9a0c7d02d662c21edc041d3144a3aa8c09dd
MD5
83f6c8de4d49262b332d4e3354cdc248
CRC-32
166b2008
File type
Windows executable
First seen
2012-10-27

Registry Keys Created

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
NoAutoUpdate
0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
kouecun
c:\Documents and Settings\test user\kouecun.exe /u
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
Run
c:\Documents and Settings\test user\kouecun.exe /b
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
kouecun
c:\Documents and Settings\test user\kouecun.exe /t

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0x00000000

Processes Created

c:\Documents and Settings\test user\kouecun.exe

DNS Requests

ns1.helpupdated.com
ns1.helpupdater.net
ns1.helpupdates.com

Example 2

File Information

Size: 84K
SHA-1: e502130c385955260e6949ae9f79910a23281e45
MD5: 08d6b4e792b70db64e997a3dd44caef1
CRC-32: f4d86916
File type: Windows executable
First seen: 2012-11-01

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\juuuqet.exe
Size
84K
SHA-1
5714918179758c31457cf484e966b484c1396067
MD5
bf377e20a7ab2d9edcd859da91424919
CRC-32
251d1959
File type
Windows executable
First seen
2012-11-02
F:/Passwords.exe
Size
84K
SHA-1
601250d721760b879266756e0c9dcb51cc946e5e
MD5
e3fc7a60506b21db0c361dfe646545e1
CRC-32
265a445f
File type
Windows executable
First seen
2012-11-02
F:/Porn.exe
Size
84K
SHA-1
50acfae099d6dbd4dcc7ae81ae08e6663f3a518d
MD5
28ac2e3c04aee4fad4ee618e027f1164
CRC-32
26fce3f6
File type
Windows executable
First seen
2012-11-02
F:/juuuqet.exe
Size
84K
SHA-1
6b2f55852d2fe24291d6fccd096197489a8d9799
MD5
0d11c30b7b2a071a829aa0fd7c595d5c
CRC-32
09991dbb
File type
Windows executable
First seen
2012-11-02
F:/Sexy.exe
Size
84K
SHA-1
e9736292a4f2dceb191ee9cbf9e9a13c8a7c7380
MD5
218d19765aa42c466de7b657f9fdd00b
CRC-32
83bc8325
File type
Windows executable
First seen
2012-11-02
F:/Secret.exe
Size
84K
SHA-1
6b2f55852d2fe24291d6fccd096197489a8d9799
MD5
0d11c30b7b2a071a829aa0fd7c595d5c
CRC-32
09991dbb
File type
Windows executable
First seen
2012-11-02

Registry Keys Created

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
juuuqet
c:\Documents and Settings\test user\juuuqet.exe /b
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
Run
c:\Documents and Settings\test user\juuuqet.exe /m
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
NoAutoUpdate
0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
juuuqet
c:\Documents and Settings\test user\juuuqet.exe /y

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0x00000000

Processes Created

c:\Documents and Settings\test user\juuuqet.exe

DNS Requests

ns1.helpupdated.com
ns1.helpupdated.net
ns1.helpupdater.net
ns1.helpupdates.com

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

W32/VBNA-AF

Example 1

File Information

Runtime Analysis

Dropped Files

Registry Keys Created

Registry Keys Modified

Processes Created

DNS Requests

Example 2

File Information

Runtime Analysis

Dropped Files

Registry Keys Created

Registry Keys Modified

Processes Created

DNS Requests

Free Mac Anti-Virus

Popular topics