AutoClose.exe

Autoclose

Tencent Technology(Shenzhen) Company Limited

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The executable AutoClose.exe has been detected as malware by 26 anti-virus scanners. It is set to execute automatically when any user logs into Windows (through the all-users Run registry key) under the name 'AutoClose'.
Publisher:
Microsoft Corporation (signed by Tencent Technology(Shenzhen) Company Limited)

Product:
Autoclose

Description:
Scheduled automatic shutdown program

Version:
4.08

MD5:
5a14161693df86cd41fc0806cd2d25f0

SHA-1:
863acdd6fe11175111683788e4df6baaa358fb61

SHA-256:
ea4c9200e831e8e4af0eb5afb7e4c6c95b262824ad456b84a4bd2d52b2f5d1c9

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
12/25/2024 4:43:20 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.KDV.720179 | 180
Avira AntiVirus | TR/Rogue.kdv.720179.1 | 8.3.1.6
Arcabit | Trojan.Generic.KDV.DAFD33 | 1.0.0.425
Baidu Antivirus | Trojan.Win32.Dropper | 4.0.3.1687
Bitdefender | Trojan.Generic.KDV.720179 | 1.0.20.1100
Comodo Security | UnclassifiedMalware | 22756
Emsisoft Anti-Malware | Trojan.Generic.KDV.720179 | 8.16.08.07.03
Fortinet FortiGate | W32/Dorgam.JK!tr | 8/7/2016
F-Secure | Trojan.Generic.KDV.720179 | 11.2016-07-08_1
G Data | Trojan.Generic.KDV.720179 | 16.8.25
IKARUS anti.virus | Trojan-Dropper.Win32.Dorgam | t3scan.1.9.5.0
Kaspersky | Trojan-Dropper.Win32.Dorgam | 14.0.0.-213
McAfee | Artemis!5A14161693DF | 5600.6314
Microsoft Security Essentials | Trojan:Win32/Msposer.A | 1.1.11804.0
MicroWorld eScan | Trojan.Generic.KDV.720179 | 17.0.0.660
NANO AntiVirus | Trojan.Win32.Trojan-Dropper.xjcxw | 0.30.24.2487
nProtect | Trojan/W32.Agent.206168.C | 15.07.13.01
Panda Antivirus | Trj/OCJ.D | 16.08.07.03
Rising Antivirus | PE:Trojan.Win32.Generic.151A666A!354051690 | 23.00.65.16805
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | WORM_AUTORUN.BMC | 7.2.220
Trend Micro | WORM_AUTORUN.BMC | 10.465.07
Vba32 AntiVirus | TrojanDropper.Dorgam | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic!SB.0 | 41982
ViRobot | Trojan.Win32.S.Agent.206168[h] | 2014.3.20.0
Zillya! Antivirus | Dropper.Dorgam.Win32.190 | 2.0.0.2286

File size:
201.3 KB (206,168 bytes)

Product version:
4.08

Copyright:
All rights reserved

Trademarks:
Microsoft Corporation

Original file name:
AutoClose.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\autoclose\autoclose.exe

Digital Signature
Authority:
VeriSign Inc.

Valid from:
1/4/2012 1:13:37 PM

Valid to:
1/4/2200 1:16:44 PM

Subject:
CN=Tencent Technology(Shenzhen) Company Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tencent Technology(Shenzhen) Company Limited, L=shenzhen, S=guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O=VeriSign Inc., C=US

Serial number:
6103D998000000000002

File PE Metadata
Compilation timestamp:
2/23/2012 3:03:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:dVEZxg+6lXrXnq4t8ACy8CHWIflRPSv8XTIMqXAKQpj9TVGOo5J0+3jxVxRwAY/Z:bMxw7asCy8oWaav8b7QYolN+2Ee2apiz

Entry address:
0x237C

Entry point:

Entropy:
6.2241

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
180 KB (184,320 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AutoClose

Command:
C:\Program Files\autoclose\autoclose.exe -a
