SonicALERT

Sonicwall Signatures

 



  AutoRun.FDL
AutoRun.FDL is a worm. Worms spread from computer to computer, making copies of themselves over the network. They can spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. AutoRun.FDL is compressed with an executable packer and its file size is 38,400 bytes. It makes the following network connections:
  • Connects to "hubhub.ka3ek2.com" on port 1289 (TCP).
  • Sends data stream (10 bytes) to remote address "hubhub.ka3ek2.com", port 1289.
  • Connects to IRC Server.

AutoRun.FDL drops the following files on the hard drive:

  • C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (62 bytes)
  • C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sndmgr.exe (38400 bytes)
It creates the following mutex to ensure that only one instance is running: ntsound. It also attempts to acquire the "SeDebugPrivilege" privilege and monitors the list of running processes.

