W32/AutoRun-BLW

Category: Viruses and Spyware
Protection available since: 14 Dec 2010 06:31:20 (GMT)
Type: Win32 worm
Last Updated: 14 Dec 2010 06:31:20 (GMT)
Prevalence: Small Number of Reports


Examples of W32/AutoRun-BLW include:

Example 1

File Information

Size: 81K
SHA-1: 3ccb707d752ffae3399b04e98be964847642eec3
MD5: ed09c86a92f4ccc9a6743390d962692b
CRC-32: b1779097
File type: application/x-ms-dos-executable
First seen: 2010-12-13

Example 2

File Information

Size: 155K
SHA-1: 731b5c9f3ae48a028fdafd8dc26f6e8cc546b949
MD5: ab45bc930665e41763a0e64bd92c7bb7
CRC-32: a81cce0a
File type: application/x-ms-dos-executable
First seen: 2010-12-14

Example 3

File Information

Size: 594K
SHA-1: bd8099af11fc1541be14207b1639d90be5c65b48
MD5: 651c7c49229bbc97eb1dd9f48a27cda3
CRC-32: f35c9cd9
File type: application/x-ms-dos-executable
First seen: 2010-12-12

Other vendor detection

Avira: TR/Spy.607744.4
Kaspersky: Trojan-Downloader.Win32.Delf.algw

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\AdobeAIM.exe
  • F:/RECYCLER/S-1-6-21-2434476521-1645645927-702000330-1542/autorun.exe
Dropped Files
  • C:\WINDOWS\system32\adobe66.exe
    Size: 81K
    SHA-1: 8283d9c3074c76f4f1d5211dff546a1bcf888340
    MD5: 6180a5a9517b15094bd31da29b412ad3
    CRC-32: 823142dc
    File type: application/x-ms-dos-executable
    First seen: 2010-12-14
  • C:\WINDOWS\system32\adobe91.exe
    Size: 88K
    SHA-1: 39d50b99d1e1d6f3de2256044266118402aa2369
    MD5: 66effcfb2f144c8e68c7058dc097c300
    CRC-32: 91be97b0
    File type: application/x-ms-dos-executable
    First seen: 2010-12-14
  • F:/RECYCLER/S-1-6-21-2434476521-1645645927-702000330-1542/Desktop.ini
    Size: 511
    SHA-1: af01b756c5bf6fb4a4569f864c9902b754312f2e
    MD5: 5ec07f6120a61d6b543e6b0e77a18dc7
    CRC-32: e459f94e
    File type: application/octet-stream
    First seen: 2010-12-14
  • F:/autorun.inf
    Size: 284
    SHA-1: 13ed3705645d259253d24953017b860e11b16ab8
    MD5: 0711220c519aafdebb00dde26580da1b
    CRC-32: accde09e
    File type: application/octet-stream
    First seen: 2010-12-14
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Adobe Updater 5.2
    C:\WINDOWS\system32\AdobeAIM.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\WINDOWS\system32\AdobeAIM.exe
    C:\WINDOWS\system32\AdobeAIM.exe:*:Enabled:Explorer
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
    gnome5
    12
Processes Created
  • c:\windows\system32\adobe66.exe
HTTP Requests
  • http://whatismyip.com/automation/n09230945.asp
IP Connections
DNS Requests
  • sina.com.cn
  • wordpress.com
  • www.whatismyip.com