Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\autorun.inf
Malicious functions:
Executes the following:
- <SYSTEM32>\find.exe schijf_c
- <SYSTEM32>\attrib.exe <Drive name for removable media>:\CClaw.* +S +H +R
- <SYSTEM32>\net1.exe share schijf_c=C:
- <SYSTEM32>\net1.exe share
- <SYSTEM32>\attrib.exe C:\autorun.inf +S +H +R
- <SYSTEM32>\cmd.exe /c ""%TEMP%\tmpfile0.bat" "
- <SYSTEM32>\attrib.exe C:\CClaw.* +S +H +R
- <SYSTEM32>\attrib.exe <Drive name for removable media>:\autorun.inf +S +H +R
Modifies file system :
Creates the following files:
- C:\autorun.inf
- %TEMP%\tmpfile0.bat
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\autorun.inf
- C:\autorun.inf