Home / malwarePDF  

VirTool:Win32/Autorun.gen


First posted on 01 February 2020.
Source: Microsoft

Aliases :

There are no other names known for VirTool:Win32/Autorun.gen.

Explanation :

VirTool:Win32/Autorun.gen is a generic detection for an obfuscated .INF file named “autorun.inf”. The .INF file is created by malware and may be present in the root of infected removable media or shared folders and drives.
 
This malware-created autorun.inf file contains an instruction to execute executable malware when the infected media is accessed or viewed in Windows Explorer. Some malware adds non-executable random characters to autorun.inf to evade certain antimalware detection.
 
The "autorun.inf" files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation CDs.

The file autorun.inf is a configuration file in text file format that contains customizations and commands to be applied when Windows mounts a device such as disk drives or CD ROMs.  How the autorun.inf file is interpreted depends on the version of Windows in use, the drive type to be mounted and certain registry settings.

  Analysis by Shali Hsieh

Last update 01 February 2020

 

TOP