W32/AutoIt-SX

Category: Viruses and spyware
Protection available since: 30 Apr 2013 09:27:14 (GMT)
Type: Win32 worm
Last updated: 30 Apr 2013 09:27:14 (GMT)
Prevalence:


W32/AutoIt-SX exhibits the following characteristics:

File Information

Size: 901K
SHA-1: 34f1f3c7531694e6162bb795e05781727f5b95a0
MD5: 28d3a628b71f137d72bc41d9485b7971
CRC-32: 6c912441
File type: Windows executable
First seen: 2013-04-25

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Qau\syponoi.exe
    Size: 901K
    SHA-1: 97caa78eb81bf0e91f415192d27c05a21e17e2d0
    MD5: e026ec15bb04e6060e44e9e26ae645c2
    CRC-32: 3de26cea
    File type: Windows executable
    First seen: 2013-04-30
  • c:\Documents and Settings\test user\Application Data\Exacfi\teoftoo.uca
    Size: 1.1K
    SHA-1: 8164cec88b0046249260ffb9c0edf66566bc26d1
    MD5: c8794783414a499440853db4a0e2ab7f
    CRC-32: 3c4397f0
    File type: Unspecified binary - probably data
    First seen: 2013-04-30
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Vyeq
    Goufur = (binary data; value contents not printable)
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies = 0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\explorer.exe = %windir%\explorer.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {9BB4AE73-CB78-BDB2-2F99-EC9EDD149165} = "c:\Documents and Settings\test user\Application Data\Qau\syponoi.exe"
  • HKCU\Identities
    Identity Login = 0x00098053
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    %windir%\explorer.exe = %windir%\explorer.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp = f8 8b 6a cc 6b 45 ce 01
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count = 0x00000008
Processes Created
  • c:\Documents and Settings\test user\application data\qau\syponoi.exe
  • c:\windows\system32\cmd.exe
DNS Requests
  • mswelling.com
