INF_RIMECUD.CI
March 25, 2015
ALIASES:
Trojan.Win32.AutoRun.cny (Kaspersky); Win32/Bflient.Y worm (NOD32)
PLATFORM:
Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan may be dropped by other malware.
It automatically executes files when a user opens a drive.
TECHNICAL DETAILS
File Size:
258 bytes
File Type:
INF
Memory Resident:
No
Initial Samples Received Date:
14 Sep 2011
Arrival Details
This Trojan may be dropped by other malware.
Propagation
The .INF file contains the following strings:
[AutoRun]
USEAUTOPLAY=1
shellexcute=peace/showtime.exe
Shellasia
shell\Explore\command=peace/showtime.exe
shell\Open\command=peace/showtime.exe
icon=peace/showtime.exe
open=peace/showtime.exe
action=0pen folder to view files using Windows Explorer
Other Details
This Trojan automatically executes the following files when a user opens a drive:
- {drive letter}:\peace\showtime.exe
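A defender-side check for the file described above, as an added example that is not part of the original write-up or any vendor tooling: it parses the [AutoRun] section of an autorun.inf body and reports which entries launch an executable. The sample input is constructed from the strings listed on this page; the function names, the list of recognized keys (taken from the commonly documented autorun.inf entries) and the extension list are assumptions of this example.

```python
import re

# Constructed sample: the strings listed on this page, as one autorun.inf body.
SAMPLE_INF = r"""[AutoRun]
USEAUTOPLAY=1
shellexcute=peace/showtime.exe
Shellasia
shell\Explore\command=peace/showtime.exe
shell\Open\command=peace/showtime.exe
icon=peace/showtime.exe
open=peace/showtime.exe
action=0pen folder to view files using Windows Explorer
"""

# Keys that start a program, and the wider set of recognized keys (assumed list).
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
KNOWN_KEY = re.compile(
    r"^(open|shellexecute|icon|label|action|useautoplay|shell|shell\\[^\\]+(\\command)?)$", re.I)
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk")

def analyze_autorun(text):
    """Return (launches, unknown): launch entries and unrecognized lines in [AutoRun]."""
    in_section = False
    launches, unknown = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section:
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not KNOWN_KEY.match(key):
            unknown.append(line)  # junk or misspelled entries, common in autorun droppers
        elif LAUNCH_KEY.match(key) and value:
            # Simplification: first whitespace-separated token is taken as the program.
            target = value.split()[0].replace("/", "\\")
            if target.lower().endswith(EXEC_EXT):
                launches.append((key.lower(), target))
    return launches, unknown

def is_suspicious(text):
    """True when the [AutoRun] section launches an executable file."""
    return bool(analyze_autorun(text)[0])
```

Run against the sample, the three launch entries all resolve to peace\showtime.exe, while the `shellexcute` and `Shellasia` lines are returned as unrecognized rather than as launch entries.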