W32/Autoit-XM

Category: Viruses and spyware
Protection available since: 13 Sep 2013 08:29:10 (GMT)
Type: Win32 worm
Last updated: 13 Sep 2013 08:29:10 (GMT)
Prevalence:


Examples of W32/Autoit-XM include:

Example 1

File Information

Size: 889K
SHA-1: 566eeba4ec5cfbd31834ab989c35fceec9a76d3d
MD5: 6ded51bb18a306c00d249bc145893ce2
CRC-32: a003aac3
File type: Windows executable
First seen: 2013-09-13

Example 2

File Information

Size: 493K
SHA-1: 744f9e4fc0b77b5b7229e442c23c42b20b4f45bf
MD5: 269f81338ddcb01589340c049ce88441
CRC-32: f28c507b
File type: PK ZIP archive
First seen: 2013-09-13

Example 3

File Information

Size: 889K
SHA-1: b473ddcd1b735b9a3a1ae6d5fd2e275de5021fef
MD5: e562175d19ea3a1199d02ad098310cc1
CRC-32: df2aa996
File type: Windows executable
First seen: 2013-09-13

Runtime Analysis

Dropped Files
  • C:\debug.txt
  • c:\Documents and Settings\test user\Application Data\Yxofbu\saca.huy
    Size: 477
    SHA-1: 16f9aa54ef191cc158379f69815b08f9f55c00dd
    MD5: ae870a2823852f1295e68d2687814c17
    CRC-32: c9de7ea3
    File type: Unspecified binary - probably data
    First seen: 2013-09-13
  • c:\Documents and Settings\test user\Application Data\Gezya\dyip.exe
    Size: 889K
    SHA-1: 566eeba4ec5cfbd31834ab989c35fceec9a76d3d
    MD5: 6ded51bb18a306c00d249bc145893ce2
    CRC-32: a003aac3
    File type: Windows executable
    First seen: 2013-09-13
  • c:\Documents and Settings\test user\Application Data\Yxofbu\saca.tmp
    Size: 563
    SHA-1: ce5dae9acc6967c3dbb4c3ff0b4d8d0209d65f0e
    MD5: 050e05d639fb1c11420deffcb514166e
    CRC-32: 8eadedf3
    File type: Unspecified binary - probably data
    First seen: 2013-09-13
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Ilecaz
    Zuonad
    (binary data, not rendered)
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {EAD0A5BF-9770-AEB0-EFE8-141AF7778E99}
    "c:\Documents and Settings\test user\Application Data\Gezya\dyip.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    a2 9e 19 a5 25 b0 ce 01
Processes Created
  • c:\Documents and Settings\test user\application data\gezya\dyip.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://cafecolibri.mx/lk/k/config.bin
DNS Requests
  • cafecolibri.mx
