
About “Worm.Autorun.RE8” infection


Worm.Autorun.RE8 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm.Autorun.RE8 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Worm.Autorun.RE8?


File Info:

name: 965F2054FD15FA38E410.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Worm.Autorun.RE8 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Winlock.14301
MicroWorld-eScan: Gen:Variant.Zusy.359768
CAT-QuickHeal: Worm.Autorun.RE8
ALYac: Gen:Variant.Zusy.359768
Cylance: Unsafe
Zillya: Worm.AutoRun.Win32.550
Sangfor: Trojan.Win32.Save.a
K7GW: Trojan ( 005726171 )
K7AntiVirus: Trojan ( 005726171 )
BitDefenderTheta: Gen:NN.ZelphiF.34294.DGW@aCpuCyki
Cyren: W32/Worm.ALYD
Symantec: W32.SillyFDC
ESET-NOD32: Win32/AutoRun.Delf.J
TrendMicro-HouseCall: Mal_Otorun5
ClamAV: Win.Worm.Autorun-314
Kaspersky: Trojan.Win32.Fsysna.dhqm
BitDefender: Gen:Variant.Zusy.359768
NANO-Antivirus: Trojan.Win32.AutoRun.dzjjvz
SUPERAntiSpyware: Trojan.Agent/Gen-Autorun
Avast: Win32:AutoRun-AOY [Wrm]
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Gen:Variant.Zusy.359768
Emsisoft: Gen:Variant.Zusy.359768 (B)
Comodo: Worm.Win32.AutoRun.~ZP@2mkay
Baidu: Win32.Worm.Autorun.s
VIPRE: Trojan.Win32.Generic!SB.0
TrendMicro: Mal_Otorun5
McAfee-GW-Edition: BehavesLike.Win32.Generic.gh
SentinelOne: Static AI – Malicious PE
FireEye: Generic.mg.965f2054fd15fa38
Sophos: ML/PE-A + Mal/SillyFDC-A
Ikarus: Worm.Win32.AutoRun
GData: Gen:Variant.Zusy.359768
Jiangmin: Worm/AutoRun.dir
Webroot: W32.Autorun.Gen
Avira: DR/Delphi.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.3F55
Kingsoft: Heur.SSC.2722881.1216.(kcloud)
Arcabit: Trojan.Zusy.D57D58
Microsoft: Worm:Win32/Autorun.RE
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.AutoRun.C65764
Acronis: suspicious
McAfee: W32/Autorun.worm.zi
TACHYON: Worm/W32.DP-AutoRun.483840
VBA32: TScope.Trojan.Delf
Malwarebytes: Malware.AI.1856542377
APEX: Malicious
Rising: Worm.Autorun!1.9D28 (CLASSIC)
Yandex: Trojan.GenAsa!l9OHG3irraI
MAX: malware (ai score=87)
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/Autorun.DJ!worm
AVG: Win32:AutoRun-AOY [Wrm]
Cybereason: malicious.4fd15f
Panda: W32/Autorun.AJK.worm

How to remove Worm.Autorun.RE8?

Worm.Autorun.RE8 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
