
Win32.Worm.Autorun.VB.E


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Win32.Worm.Autorun.VB.E is also known as Worm.Win32.AutoRun.aql, W32/Autorun.worm.h, virus, W32/AutoRun.CES, WORM_VB.BEZ.

Explanation :

Once executed, the worm drops two text files in the current directory:
- taipingtime.txt
- taipingtime_flag.txt

The first one is empty, and the second one is 23 bytes long.

After the files have been dropped, the worm tries to access various network addresses in order to download an executable file into the system directory; this file is added to an autorun registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
aa = "%Windir%\taipingtianguov1.1.exe"

It also opens an Internet Explorer page: http://edition.cnn.com/
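
The following triage helper is an added example, not part of the BitDefender description. It checks collected `reg query` output for the Run value described above and walks a directory tree for the two dropped text files, comparing their sizes with the ones stated here. The sample registry output, the `ExampleUpdater` entry and the function names are constructed for illustration.

```python
import os
import re

# Indicators taken from the description above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "aa"
# Tail of the executable name in the Run value, matched as a substring of the data.
EXE_NAME_TAIL = "aipingtianguov1.1.exe"
DROPPED = {"taipingtime.txt": 0, "taipingtime_flag.txt": 23}  # name -> size in bytes

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")

def suspicious_run_values(reg_query_output):
    """Return (name, data, reasons) for Run values matching the worm's entry."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, _type, data = m.groups()
        reasons = []
        if name.lower() == RUN_VALUE_NAME:
            reasons.append("value name")
        if EXE_NAME_TAIL in data.lower():
            reasons.append("executable name")
        if reasons:
            hits.append((name, data, reasons))
    return hits

def dropped_files(root):
    """Walk root; return (path, size, size_matches) for the two dropped text files."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            expected = DROPPED.get(fname.lower())
            if expected is not None:
                path = os.path.join(dirpath, fname)
                size = os.path.getsize(path)
                found.append((path, size, size == expected))
    return found

# Constructed sample of `reg query` output for the Run key (not from a real host).
SAMPLE = "\n".join([
    RUN_KEY,
    r"    ExampleUpdater    REG_SZ    C:\Program Files\Example\updater.exe",
    r"    aa    REG_SZ    C:\WINDOWS\taipingtianguov1.1.exe",
])
```

A Run value named `aa` alone is a weak signal; the returned reasons show which indicators matched so that a name-only hit can be weighed accordingly.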

Last update 21 November 2011
