home

autorun.exe

The USERTRUST Network

The executable autorun.exe has been detected as malware by 2 anti-virus scanners. The program is a setup application that uses the Nullsoft Install System installer.
Publisher:
The USERTRUST Network  (signed and verified)

MD5:
67ffc4f9dc54158989f1b46aae25f167

SHA-1:
08ff1735f6c891615f1a34cd0ad6735becdb4218

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
4/26/2024 5:44:31 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.12.10.4

Rising Antivirus
PE:Trojan.Win32.NSIS.b!1075357186
23.00.65.16204

File size:
48.4 KB (49,568 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\Documents and Settings\{user}\My documents\egdownloads\cepd18-full\cepd18-full\cepd18\autorun.exe

Digital Signature
Signed by:
The USERTRUST Network

Authority:
The USERTRUST Network

Valid from:
7/9/1999 7:31:20 PM

Valid to:
7/9/2019 7:40:36 PM

Subject:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
44BE0C8B500024B411D3362DE0B35F1B

File PE Metadata
Compilation timestamp:
6/9/2008 8:51:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
1536:qJZIRqN4Vcnc/yjVKETnY3QGRZ+dzow6RP70M:q9kcc/OJTMw6RPIM

Entry address:
0x37FF

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, D4, 50, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 27, 4A, 00, 00, 6A, 00, E8, 10, 51, 00, 00, A3, 18, F9, 42, 00, 6A, 08, E8, 37, 27, 00, 00, A3, C8, F9, 42, 00, 8D, 85, 90, FE, FF, FF, 6A, 00, 68, 60, 01, 00, 00, 50, 6A, 00, 68, 4C, A2, 40, 00, E8, C5, 4F, 00, 00, 83, EC, 0C, 68, 4D, A2, 40, 00, 68, F8, F9, 42, 00, E8, 57, 29, 00, 00, 83, C4, 18, E8, EB, 49, 00, 00, 52, 52, 50, 68, 00, 80, 43, 00, E8, 42, 29, 00, 00, 57, 6A, 00, E8, B6, 48, 00, 00, 83...
 
[+]

Entropy:
6.0185

Code size:
30.5 KB (31,232 bytes)

Remove autorun.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.