Examples of W32/Clarbat-Gen include:
Example 1
File Information
- Size: 51K
- SHA-1: 003cab4c48f611fd67d228cd2c5e92656ec80494
- MD5: ad74dc843bdc3894bff1a25988c63dcf
- CRC-32: e928cd6b
- File type: application/x-ms-dos-executable
- First seen: 2010-08-26
Other vendor detection
- Avira: TR/Crypt.ZPACK.Gen
- Kaspersky: Worm.Win32.AutoRun.bmrz
Runtime Analysis
Copies Itself To
- C:\Documents and Settings\All Users\Application Data\wmimgmt.exe
Registry Keys Created
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  - ShowSuperHidden: 0x00000000
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
  - UncheckedValue: 0x00000000
Example 2
File Information
- Size: 44K
- SHA-1: 07ba8b62ee0fedb4fb4ddc6810de2e82a8f6f793
- MD5: 54612e3a1379039ce3c10d73a0611357
- CRC-32: b2c960b0
- File type: application/x-ms-dos-executable
- First seen: 2010-09-06
Other vendor detection
- Avira: TR/Crypt.ZPACK.Gen
Runtime Analysis
Copies Itself To
- C:\Documents and Settings\All Users\Application Data\wmimgmt.exe
- F:/RECYCLER/wmimgmt.exe
Dropped Files
- F:/AuToRUn.iNf
- C:\Documents and Settings\All Users\DRM\Media\A0000043.db
  - Size: 3.9K
  - SHA-1: 1cc6ff9bdadc84361e2d4678dd93792340ddb013
  - MD5: 006395aa5a8e22ceca34c3d55503c072
  - CRC-32: 675a6b71
  - File type: application/octet-stream
  - First seen: 2010-09-08
- c:\Documents and Settings\test user\Local Settings\Temp\L4SD\A0000043.db
  - Size: 64
  - SHA-1: dc9e4362239f0cf1360699d10930652cf9b6b533
  - MD5: 6db6c06f8b49355d00075d3d8958b8dc
  - CRC-32: 23d0813e
  - File type: application/octet-stream
  - First seen: 2010-09-06
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - wmi32: C:\Documents and Settings\All Users\Application Data\wmimgmt.exe
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  - ShowSuperHidden: 0x00000000
Processes Created
- c:\documents and settings\all users\application data\wmimgmt.exe
- c:\windows\system32\chcp.com
- c:\windows\system32\cmd.exe
- c:\windows\system32\findstr.exe
- c:\windows\system32\net.exe
- c:\windows\system32\net1.exe
- c:\windows\system32\systeminfo.exe
- c:\windows\system32\tasklist.exe
DNS Requests
- windowsupdate.microsoft.com
Example 3
File Information
- Size: 58K
- SHA-1: 091b3698cc4b3a085361e7829b7df9be37cf325d
- MD5: eee212a0ca7012bbc286e01093096b9a
- CRC-32: f0dae9ad
- File type: application/x-ms-dos-executable
- First seen: 2010-09-08
Runtime Analysis
Copies Itself To
- C:\Documents and Settings\All Users\Application Data\wmimgmt.exe
- F:/RECYCLER/wmimgmt.com
Dropped Files
- C:\Documents and Settings\All Users\DRM\Media\A0000043.db
  - Size: 226K
  - SHA-1: ffed0fa7c0e73599a9796a73ba948737cb33156d
  - MD5: e71be1845a34e894fd4f045b4feb3efd
  - CRC-32: 97d7f3e6
  - File type: application/octet-stream
  - First seen: 2010-09-08
- F:/RECYCLER/desktop.ini
  - Size: 79
  - SHA-1: 528b98593d3217598c3aa24b2257dadd38681bee
  - MD5: 8a5ba06c9e1c5dc5b280971401518c1c
  - CRC-32: 73d5acda
  - File type: application/octet-stream
  - First seen: 2010-08-27
- F:/AuToRUn.iNf
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - wmi32: C:\Documents and Settings\All Users\Application Data\wmimgmt.exe
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
  - UncheckedValue: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  - ShowSuperHidden: 0x00000000
Processes Created
- c:\documents and settings\all users\application data\wmimgmt.exe
- c:\windows\system32\arp.exe
- c:\windows\system32\chcp.com
- c:\windows\system32\cmd.exe
- c:\windows\system32\find.exe
- c:\windows\system32\findstr.exe
- c:\windows\system32\ipconfig.exe
- c:\windows\system32\nbtstat.exe
- c:\windows\system32\net.exe
- c:\windows\system32\net1.exe
- c:\windows\system32\netstat.exe
- c:\windows\system32\reg.exe
- c:\windows\system32\route.exe
- c:\windows\system32\systeminfo.exe
- c:\windows\system32\tasklist.exe
DNS Requests
- windowsupdate.microsoft.com