W32/Tupym-C

Category: Viruses and Spyware
Type: Win32 worm
Protection available since: 14 Jun 2011 13:49:58 (GMT)
Last Updated: 14 Jun 2011 13:49:58 (GMT)
Prevalence: Small Number of Reports


W32/Tupym-C exhibits the following characteristics:

File Information

Size: 877K
SHA-1: eec2eb7dd84afe0fa352b68d8a10aa3e54ca1946
MD5: 1ba2081d6d63c53ee943c4dbb2e55567
CRC-32: 63f9b944
File type: application/x-ms-dos-executable
First seen: 2011-06-14

Other vendor detection

Kaspersky: Worm.Win32.AutoRun.fnc

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\system3_.exe
  • C:\WINDOWS\system3_.exe
Dropped Files
  • C:\WINDOWS\system32\autorun.ini
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Yahoo Messengger
    C:\WINDOWS\system32\system3_.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NofolderOptions
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\Schedule
    AtTaskMaxHours
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    http://www.mydreamworld.50webs.com
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    Explorer.exe system3_.exe
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
    Search Page
    http://www.mydreamworld.50webs.com
Processes Created
  • c:\windows\system32\at.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://h1.ripway.com/asdb000/setting.ini
  • http://h1.ripway.com/asdb002/setting.ini
  • http://h1.ripway.com/asdb004/setting.ini
  • http://h1.ripway.com/asdb006/setting.ini
  • http://www.balu000.0catch.com/set/setting.ini
  • http://www.balu001.0catch.com/set/setting.ini
  • http://www.balu002.0catch.com/set/setting.ini
  • http://www.balu003.0catch.com/set/setting.ini
DNS Requests
  • h1.ripway.com
  • www.balu000.0catch.com
  • www.balu001.0catch.com
  • www.balu002.0catch.com
  • www.balu003.0catch.com