W32/Renamer-I exhibits the following characteristics:
File Information
- Size: 237K
- SHA-1: 00a1a5149421a5af0a238b113cbc93e01b520e63
- MD5: 0076a9062898aae1140321a4dd2be2c5
- CRC-32: a6ea9fc4
- File type: Windows executable
- First seen: 2013-01-09
Other vendor detection
- Kaspersky: HEUR:Worm.Win32.Generic
Runtime Analysis
Dropped Files
- C:\Program Files\ActiveX Sample\setup\SETUP.cab
- C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.cab
- C:\Program Files\Common Files\Microsoft Shared\DW\DW20.cab
- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.cab
- C:\Program Files\CCleaner\CCleaner.cab
- C:\Program Files\Debugging Tools for Windows (x86)\adplusmanager.cab
  - Size: 79K
  - SHA-1: 09e8a11b4305262229e714a1bdd36176dc2d1077
  - MD5: a4096433854c51a3ddd9d3442b84b083
  - CRC-32: 9d4ef39b
  - File type: Windows executable
  - First seen: 2012-09-29
- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.cab
- C:\Program Files\CCleaner\uninst.cab
- C:\Program Files\Common Files\Adobe\Updater5_DISABLED\AdobeUpdater.cab
- C:\Program Files\Debugging Tools for Windows (x86)\srcsrv\pdbstr.cab
  - Size: 516K
  - SHA-1: 796932b0a884f829297ad8b80e7671ae28e663f7
  - MD5: 7e23194991571c2e01285d327a1fc725
  - CRC-32: 9c8af306
  - File type: Windows executable
  - First seen: 2012-10-16
- C:\Program Files\Debugging Tools for Windows (x86)\srcsrv\srctool.cab
  - Size: 24K
  - SHA-1: 92e64eb10dab95b19f148c4a09870d7ccc2b1269
  - MD5: 2d52e48079896fba756341229a808b82
  - CRC-32: 64fff1b4
  - File type: Windows executable
  - First seen: 2012-10-16
- C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.cab
- C:\Program Files\Debugging Tools for Windows (x86)\adplus.cab
  - Size: 95K
  - SHA-1: 8b408df9954c2981c64c7b286e7f34d05cbd39f3
  - MD5: cbb8d052470b6c141fbf94c43128f4c6
  - CRC-32: 49df7dad
  - File type: Windows executable
  - First seen: 2012-09-29
- C:\Program Files\ImageMagick-6.7.6-Q16\animate.cab
  - Size: 128K
  - SHA-1: f7c2324cd5083721b79b67109bc89bbc34caac23
  - MD5: 12e90a8aa312abe897e43b8897bc0ddd
  - CRC-32: b0fbd6f0
  - File type: Windows executable
  - First seen: 2012-03-21
- C:\Program Files\ImageMagick-6.7.6-Q16\compare.cab
  - Size: 128K
  - SHA-1: 28a94e804e99e1a97fcf4231e5ca812bf5c42f07
  - MD5: f635a0567676a85a71a89c021f869218
  - CRC-32: 7cca7e93
  - File type: Windows executable
  - First seen: 2012-03-21
- C:\Program Files\Common Files\Adobe\Updater5_DISABLED\AdobeUpdaterInstallMgr.cab
Modified Files
- %PROGRAM FILES%\Debugging Tools for Windows (x86)\adplus.exe
  - Changed the file contents
- %PROGRAM FILES%\CCleaner\CCleaner.exe
  - Changed the file contents
- %PROGRAM FILES%\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
  - Changed the file contents
- %PROGRAM FILES%\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
  - Changed the file contents
- %PROGRAM FILES%\Debugging Tools for Windows (x86)\srcsrv\srctool.exe
  - Changed the file contents
- %PROGRAM FILES%\ImageMagick-6.7.6-Q16\animate.exe
  - Changed the file contents
- %PROGRAM FILES%\CCleaner\uninst.exe
  - Changed the file contents
- %PROGRAM FILES%\Adobe\Reader 8.0\Reader\AcroRd32.exe
  - Changed the file contents
- %PROGRAM FILES%\Debugging Tools for Windows (x86)\adplusmanager.exe
  - Changed the file contents
- %PROGRAM FILES%\ImageMagick-6.7.6-Q16\compare.exe
  - Changed the file contents
- %PROGRAM FILES%\Common Files\Microsoft Shared\DW\DW20.EXE
  - Changed the file contents
- %PROGRAM FILES%\ActiveX Sample\setup\SETUP.EXE
  - Changed the file contents
- %PROGRAM FILES%\Debugging Tools for Windows (x86)\srcsrv\pdbstr.exe
  - Changed the file contents