| Visit ThreatExpert web site | | | Close Report |
[Sophos] [Microsoft] [Ikarus]| What's been found | Severity Level |
| Sets the drive to autoplay by creating autorun.inf file in its root directory. If the drive is shared across the network then other remote computers can be infected any time they try to access this share. |  |
| Downloads/requests other files from Internet. |  |
| Modifies some system settings that may have negative impact on overall system security state. |  |
| Creates a startup registry entry. | |
| Contains characteristics of an identified security risk. |  |
 | Possible Security Risk |
| Security Risk | Description |
| Worm.Autorun.AAYF |
Worm.Autorun.AAYF is a threat that spread through removable drives and it can run in the background without the knowledge of the user. |
 | File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | c:\autorun.inf | 63 bytes | MD5: 0x6C435662540156D781D4657822D701EA SHA-1: 0x1A910E14A1598D2D9FFD2676DC4A0E8C29E48637 |
(not available) |
| 2 |
c:\l6w2eaih.exe
[file and pathname of the sample #1] %System%\uret463.exe
|
101,526 bytes | MD5: 0x9D14254087C34DFBCE98E259683F0EA5 SHA-1: 0xED35E4B632DF42EA8BDE23B5A3C5536ACB85F99E |
Mal/Frethog-B [Sophos] Worm:Win32/Taterf.B [Microsoft]Trojan.Win32.Inhoo [Ikarus] |
| 3 |
%System%\lhgjyit0.dll
%System%\lhgjyit1.dll
%System%\lhgjyit2.dll
|
80,896 bytes | MD5: 0x002DE2CCB2A116B6DD954EDB2E7381F2 SHA-1: 0xFA1D99182976029E230DE489E8F788BEA303B613 |
Troj/Virtum-Gen [Sophos] TrojanDownloader:Win32/Small.gen!AA [Microsoft]Worm.Win32.Taterf [Ikarus] |
 | Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| uret463.exe | %System%\uret463.exe | 266,240 bytes |
| [filename of the sample #1] | [file and pathname of the sample #1] | 266,240 bytes |
| iexplore.exe | %ProgramFiles%\Internet Explorer\iexplore.exe | 102,400 bytes |
| Module Name | Module Filename | Address Space Details |
| lhgjyit2.dll | %System%\lhgjyit2.dll | Process name: explorer.exe Process filename: %Windir%\explorer.exe Address space: 0x21F0000 - 0x2228000 |
| lhgjyit0.dll | %System%\lhgjyit0.dll | Process name: IEXPLORE.EXE Process filename: %ProgramFiles%\internet explorer\iexplore.exe Address space: 0x1B10000 - 0x1B48000 |
 | Registry Modifications |
 | Other details |
| URL to be downloaded | Filename for the downloaded bits |
| http://iytgfvcxs.com/xjj/cc1.rar | %Temp%\cc1.rar |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2010 ThreatExpert. All rights reserved.