home

auto_drv.exe

The executable auto_drv.exe, “WanDriver auto Install By Khaled Dabbas Almolaa” has been detected as malware by 39 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. Infected by a mass-mailing worm and virus that sends itself to email addresses gathered from the compromised computer and exploits remote vulnerabilities and attempts to infect files.
Description:
WanDriver auto Install By Khaled Dabbas Almolaa

Version:
5.31.0.0

MD5:
4cd1f0aa80c6a3c04e346f7fd46dad2d

SHA-1:
f90531d0fba794aa625f63cc808e24f275dbdaa4

SHA-256:
87d592f65430987f1f3b243bab999a3f4314a22d104828746be0ccc65f62260b

Scanner detections:
39 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/24/2024 11:47:50 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Runouce.B@mm
5763971

Agnitum Outpost
I-Worm.Chir.B
7.1.1

AhnLab V3 Security
Win32/ChiHack.6652
2015.07.08

Avira AntiVirus
W32/Chir.B
8.3.1.6

Arcabit
Win32.Runouce.E2C45E
1.0.0.425

avast!
Oncer
150602-1

AVG
Win32/Chir.B@mm
2015.0.4355

Baidu Antivirus
Virus.Win32.Runouce.$a
4.0.3.1577

Bitdefender
Win32.Runouce.B@mm
1.0.20.940

Bkav FE
W32.ChirBPE
1.3.0.6979

Clam AntiVirus
WIN.Worm.Brontok
0.98/20656

Comodo Security
EmailWorm.Win32.Runonce.~v001
22695

Dr.Web
Win32.Runonce.6652
9.0.1.05190

Emsisoft Anti-Malware
Win32.Runouce.B@mm
10.0.0.5366

ESET NOD32
Win32/Chir.B virus
7.0.302.0

Fortinet FortiGate
W32/Chir.B@mm
7/7/2015

F-Prot
W32/Thecid.B@mm
4.6.5.141

F-Secure
Win32.Runouce.B@mm
5.14.151

G Data
Win32.Runouce.B@mm
15.7.25

IKARUS anti.virus
Email-Worm.Win32.Runouce
t3scan.1.9.5.0

K7 AntiVirus
EmailWorm
13.205.16486

Kaspersky
Email-Worm.Win32.Runouce
15.0.0.543

McAfee
Virus.W32/Chir.b@MM
17.6.569.0

Microsoft Security Essentials
Threat.Undefined
1.201.601.0

MicroWorld eScan
Win32.Runouce.B@mm
16.0.0.564

NANO AntiVirus
Trojan.Win32.IframeExec.dteiuc
0.30.24.2487

Norman
Win32.Runouce.B@mm
07.07.2015 03:10:29

nProtect
Win32.Runouce.B@mm
15.07.07.01

Panda Antivirus
Generic Malware
15.07.07.05

Quick Heal
W32.Runouce.B
7.15.14.00

Rising Antivirus
PE:Worm.ChineseHacker-2!23772
23.00.65.15705

Sophos
Virus 'W32/Chir-B'
5.15

Total Defense
Win32/Chir.B
37.1.62.1

Trend Micro House Call
PE_Chir.B
7.2.188

Trend Micro
PE_Chir.B
10.465.07

Vba32 AntiVirus
Virus.Win32.Chur.A
3.12.26.4

VIPRE Antivirus
Threat.219451
40786

ViRobot
Win32.Chir.B[h]
2014.3.20.0

Zillya! Antivirus
Worm.RunOnce.Win32.2
2.0.0.2272

File size:
480.2 KB (491,755 bytes)

Copyright:
Soporific

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
12/23/2011 1:59:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:KzcRD02J4Sq2vHGB67KWKKmDB8/o82Ly3D:IcRToImoAa/V2

Entry address:
0x11A0EF

Entry point:
60, E8, E6, 19, 00, 00, 8B, 74, 24, 20, E8, 08, 00, 00, 00, 61, 68, D0, 4E, 4E, 00, C3, E9, 59, E8, 01, 16, 00, 00, 81, E6, 00, F0, FF, FF, 81, EE, 00, 10, 00, 00, 66, 81, 3E, 4D, 5A, 75, F3, 0F, B7, 7E, 3C, 03, FE, 8B, 6F, 78, 03, EE, 8B, 5D, 20, 03, DE, 33, C0, 8B, D6, 83, C3, 04, 40, 8B, 3B, 03, FA, E8, 0F, 00, 00, 00, 47, 65, 74, 50, 72, 6F, 63, 41, 64, 64, 72, 65, 73, 73, 00, 5E, 33, C9, B1, 0F, FC, F3, A6, 75, DA, 8B, F2, 8B, 5D, 24, 03, DE, 0F, B7, 0C, 43, 8B, 5D, 1C, 03, DE, 8B, 1C, 8B, 03, DE, 81...
 
[+]

Entropy:
7.4771

Packer / compiler:
ASPack v1.08.04

Code size:
268 KB (274,432 bytes)

Remove auto_drv.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.