W32/VBNA-AH

Category: Viruses and Spyware
Protection available since: 14 Dec 2012 00:46:40 (GMT)
Type: Win32 worm
Last Updated: 14 Dec 2012 00:46:40 (GMT)
Prevalence: Small Number of Reports

Examples of W32/VBNA-AH include:

Example 1

File Information

Size
224K
SHA-1
2a026ce6e8f425c6249614d741083f358e677dba
MD5
6fba636c7e3d8c15d37d1f4aabce5a6e
CRC-32
342b54dc
File type
Windows executable
First seen
2012-10-29

Runtime Analysis

Dropped Files
  • F:/Sexy.exe
    Size
    224K
    SHA-1
    803e8fef66f68c940355b7149b61b72d3bd7c066
    MD5
    3779010b39f49974450d8ab3b8cb7f0a
    CRC-32
    5cb5d504
    File type
    Windows executable
    First seen
    2012-10-29
  • F:/Porn.exe
    Size
    224K
    SHA-1
    e4a139b58ffe93200ae68bd924f95eaf7dd02a7a
    MD5
    d590a9d9d8e37bb23279b545387a1c99
    CRC-32
    057b5541
    File type
    Windows executable
    First seen
    2012-10-29
  • c:\Documents and Settings\test user\cioaf.exe
    Size
    224K
    SHA-1
    394ce04ac69b3c8d98ff89bdca27d8ea9f8bf0d6
    MD5
    7e1ab38f095e8f40639e1381d4bafc41
    CRC-32
    efc1f8ed
    File type
    Windows executable
    First seen
    2012-10-29
  • F:/Passwords.exe
    Size
    224K
    SHA-1
    0da37808953c830ec15c572c8871d59045d83cd2
    MD5
    f451d712cb9977f32349d3092470380a
    CRC-32
    18f2f21c
    File type
    Windows executable
    First seen
    2012-10-29
  • F:/cioaf.exe
    Size
    224K
    SHA-1
    0628d8ff928b9df56e81cb993828f3d964fdffe5
    MD5
    e81efe31f0ad34165c92492f4d2c9211
    CRC-32
    ca1acd4e
    File type
    Windows executable
    First seen
    2012-10-29
  • F:/Secret.exe
    Size
    224K
    SHA-1
    0628d8ff928b9df56e81cb993828f3d964fdffe5
    MD5
    e81efe31f0ad34165c92492f4d2c9211
    CRC-32
    ca1acd4e
    File type
    Windows executable
    First seen
    2012-10-29
Registry Keys Created
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    cioaf
    c:\Documents and Settings\test user\cioaf.exe /e
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Run
    c:\Documents and Settings\test user\cioaf.exe /d
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    cioaf
    c:\Documents and Settings\test user\cioaf.exe /i
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\cioaf.exe
DNS Requests
  • ns1.helpupdated.com
  • ns1.helpupdater.net
  • ns1.helpupdates.com

Example 2

File Information

Size
224K
SHA-1
3a6277acafd13b89434236487f65c0cdb0e3ea4c
MD5
0e7a3af0451d09dd1e68b20a0a2cee47
CRC-32
8ac59cb2
File type
Windows executable
First seen
2012-10-28

Runtime Analysis

Dropped Files
  • F:/hvyeij.exe
    Size
    224K
    SHA-1
    5dfe30bd888f3665fee2ce27584084274d64c4c6
    MD5
    ab09fe92fd639833edd8d7d09e2d19ad
    CRC-32
    f79622c7
    File type
    Windows executable
    First seen
    2012-10-28
  • F:/Secret.exe
    Size
    224K
    SHA-1
    5dfe30bd888f3665fee2ce27584084274d64c4c6
    MD5
    ab09fe92fd639833edd8d7d09e2d19ad
    CRC-32
    f79622c7
    File type
    Windows executable
    First seen
    2012-10-28
  • F:/Sexy.exe
    Size
    224K
    SHA-1
    99899d7b05a76202aba4d30796daac8590a8f7d5
    MD5
    52f3493f8485958966c8148678f4c0de
    CRC-32
    3a8fb53a
    File type
    Windows executable
    First seen
    2012-10-28
  • c:\Documents and Settings\test user\hvyeij.exe
    Size
    224K
    SHA-1
    e8c28646b55662e92e9ca30b9c139b58b3bed3b2
    MD5
    119e0cb5793ee25c727450eab0b11946
    CRC-32
    fb51fb71
    File type
    Windows executable
    First seen
    2012-10-28
  • F:/Passwords.exe
    Size
    224K
    SHA-1
    f53430296361cf9d85c352e7255249ca204a78b6
    MD5
    8f549f10e1ddeaa09b86bbd8ca57f33e
    CRC-32
    7ec89222
    File type
    Windows executable
    First seen
    2012-10-28
  • F:/Porn.exe
    Size
    224K
    SHA-1
    294d65a204bf173601c1c00fab8d4bb026dd75e6
    MD5
    79002480d2146b4454fcc2a3763d31bd
    CRC-32
    6341357f
    File type
    Windows executable
    First seen
    2012-10-28
Registry Keys Created
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Run
    c:\Documents and Settings\test user\hvyeij.exe /w
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    hvyeij
    c:\Documents and Settings\test user\hvyeij.exe /p
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    hvyeij
    c:\Documents and Settings\test user\hvyeij.exe /x
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\hvyeij.exe
DNS Requests
  • ns1.helpupdated.com
  • ns1.helpupdater.net
  • ns1.helpupdates.com
