Troj/AutoIt-BID

Category: Viruses and Spyware
Protection available since: 17 Feb 2016 16:50:31 (GMT)
Type: Trojan
Last Updated: 17 Feb 2016 16:50:31 (GMT)
Prevalence: Small Number of Reports

Troj/AutoIt-BID exhibits the following characteristics:

File Information

Size: 1.5M
SHA-1: 073720f70361106fcacd50c25d858637ce8368df
MD5: 693699ea5e3f8d7c34b25be9100d9c17
CRC-32: 0c045e8b
File type: Windows executable
First seen: 2016-02-17

Other vendor detection

Avira: TR/Crypt.Xpack.403698

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\folder\filename.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\26C19984-2A01-45B5-A7B3-A568AF60C200\Logs\support\KB_189953.dat
  • c:\Documents and Settings\test user\Local Settings\Temp\AwVh.vbs
  • c:\Documents and Settings\test user\Application Data\26C19984-2A01-45B5-A7B3-A568AF60C200\run.dat
  • c:\Documents and Settings\test user\Local Settings\Temp\dcUrV.vbs
  • c:\Documents and Settings\test user\Local Settings\Temp\csWQ.vbs
  • c:\Documents and Settings\test user\Local Settings\Temp\eRjaEs.vbs
  • c:\Documents and Settings\test user\Local Settings\Temp\hasdX.vbs
  • c:\Documents and Settings\test user\Local Settings\Temp\ddAE.vbs
  • c:\Documents and Settings\test user\Local Settings\Temp\scn.vbs
  • c:\Documents and Settings\test user\Local Settings\Temp\sCSKQ.vbs
  • c:\Documents and Settings\test user\Local Settings\Temp\vicdFAf.vbs
  • c:\Documents and Settings\test user\Local Settings\Temp\ZVisd.vbs
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Media SDK
    C:\DOCUME~1\support\LOCALS~1\Temp\folder\filename.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\folder\filename.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe
  • c:\windows\system32\wscript.exe
IP Connections
  • 8.8.8.8:53
DNS Requests
  • mikelind52.ddns.net