
VirTool:INF/Autorun.gen!H


First posted on 05 June 2019.
Source: Microsoft

Aliases :

There are no other names known for VirTool:INF/Autorun.gen!H.

Explanation :

VirTool:INF/Autorun.gen!H is a generic detection for the "autorun.inf" configuration data file that performs automated actions associated with removable media drives. One such action is to open an executable named "BUMARAdarica.exe" when the drive is first initialized or accessed and Autorun is enabled.

Installation

VirTool:INF/Autorun.gen!H is installed and associated with worms that spread by means of removable drive media. This Autorun configuration file is commonly found in the root of the infected removable media and contains text instructions which are executed when such media is first attached or inserted into the system and Autorun is enabled.

Payload

Executes other files

When such media is first attached or inserted into the system and Autorun is enabled, INF/Autorun.gen!H runs an accompanying file named "BUMARAdarica.exe", also located on the removable drive. VirTool:INF/Autorun.gen!H also changes the default double-click behavior for the removable drive and its icon, which is shown as a closed-folder icon, suggesting a double-click action to open it when viewed in Windows Explorer. If the drive is opened via a double-click (or by pressing the Enter key), the file "BUMARAdarica.exe" is executed.

Additional Information

The file "BUMARAdarica.exe" is commonly associated with the Win32/Rimecud worm.

Analysis by Oleg Petrovsky
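For triage of removable media, the following Python code is an added example (not part of Microsoft's write-up) that parses an "autorun.inf" and reports the entries matching the behavior described above: a command launch, a changed default double-click verb, and an overridden drive icon. The sample file content is constructed for illustration; only the file name "BUMARAdarica.exe" comes from the description, and the function names are hypothetical.

```python
import re

# [autorun] keys that name a command to run (standard autorun.inf entries).
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # e.g. shell\open\command

def parse_autorun(text):
    """Return the [autorun] section as {lowercased key: value}, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment, often used as padding
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def findings(text):
    """List (reason, key, value) for entries matching the described behavior."""
    out = []
    for key, value in parse_autorun(text).items():
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            out.append(("runs a command", key, value))
        elif key == "shell":
            out.append(("changes default double-click verb", key, value))
        elif key == "icon":
            out.append(("overrides drive icon", key, value))
    return out

# Constructed sample, not taken from a real specimen.
SAMPLE = r"""
; padding line
[AutoRun]
open=BUMARAdarica.exe
shell\open\command=BUMARAdarica.exe
shell=open
icon=%SystemRoot%\system32\shell32.dll,3
"""

if __name__ == "__main__":
    for reason, key, value in findings(SAMPLE):
        print(f"{reason}: {key}={value}")
```

A file that only sets a volume label produces no findings, so the check separates benign autorun.inf files from ones that redirect the drive's open action to an executable.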

Last update 05 June 2019

 
