Sonicwall Signatures


Go to All Categories list.

AutoRun.WJIis a Worm. Autorun is a family of Worms that spreads by copying itself to network shares and removable drives. Some variants of this family are also capable of adding themselves to archive files on the victim machine. They are known to download additional malicious components to further damage the victims system.

      Process Related Changes
      It creates the following mutex(es):
      • "IESQMMUTEX_0_208"

      It creates the following process(es):
      • c:\Program Files\Internet Explorer\iexplore.exe [ \c:\Program Files\Internet Explorer\iexplore.exe -nohome ]

      Network Activity
      We observed the following DNS query/queries:

      Network Activity
      It attempts to connect to the following remote servers:
      • 79.135xxxxxx:8081
      • 79.135xxxxxx:8080

      Registry Related Changes
      It makes the following registry modifications to ensure infection after system reboot:
      • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost = C:\windows\temp\7f927540312f18e6cf7d66e0019d72ed.exe

      Relevant Information