Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Autorun.S

Trojan.Autorun.S

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 25,296
Threat Level: 80 % (High)
Infected Computers: 6
First Seen: September 20, 2021
Last Seen: February 28, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Autorun.S
Signature status: No Signature

Known Samples

MD5: 2141a7fb72cc3dc42e8a87855e7d67bf
SHA1: bcb4dd1814b65ac4803c0bca4e4c471f07b0e81b
SHA256: A085B342D3E8E17C194E7E546C2D3A764FEFB961FB79A266AE382399CDA845C9
File Size: 173.43 KB, 173432 bytes
MD5: d79e93ffaadc4ce22a145d22e47595cb
SHA1: a4ba5989a45366d670cb2565908f4487debc0ab8
SHA256: 6B09F78B49BBFE0635A140E5ADA87C3CBC39A71DF5B7C78CB8D73673E0B50C77
File Size: 169.41 KB, 169408 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name Adobe Systems Incorporated
File Description Eula display
File Version
  • 9.3.0.148
  • 9.1.0.0
Internal Name Eula.exe
Legal Copyright
  • Copyright 2008 Adobe Systems Incorporated. All rights reserved.
  • Copyright 2008-2010 Adobe Systems Incorporated and its licensors. All rights reserved.
Original Filename Eula.exe
Product Name EULA
Product Version
  • 9.3.0.148
  • 9.1.0.0

File Traits

  • 2+ executable sections
  • HighEntropy
  • SusSec
  • x86

Block Information

Total Blocks: 297
Potentially Malicious Blocks: 13
Whitelisted Blocks: 282
Unknown Blocks: 2

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 1 0 1 0 1 0 2 0 1 1 2 ? ? 0 0 2 2 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Autorun.S

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey

Trending

Most Viewed

Loading...