Dec 2012 Batchwiper Samples
Archived: 2026-04-05 21:06:35 UTC
Dec 2012 Batchwiper Samples
Update: Jan 18, 2013 - Here is a nice analysis BatchWiper  Analysis by Emanuele De Lucia
The next time the virus will wake up is Jan 21, 2013. Time to grab it, read and play.
Several people asked for Batchwiper, so here are the samples.
From Maher - Iranian CERT:
Latest investigation have been done by Maher center in cyber space identified a new targeted data wiping
malware. Primitive analysis revealed that this malware wipes files on different drives in various predefined times.
Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories
without being recognized by anti-virus software. However, it is not considered to be widely distributed. This
targeted attack is simple in design and it is not any similarity to the other sophisticated targeted attacks. The
identified components of this threat are listed in the following table:
MD5 Name
f3dd76477e16e26571f8c64a7fd4a97b GrooveMonitor.exe [dropper]
fa0b300e671f73b3b0f7f415ccbe9d41 juboot.exe
c4cd216112cbc5b8c046934843c579f6 jucheck.exe
ea7ed6b50a9f7b31caeea372a327bd37 SLEEP.EXE
b7117b5d8281acd56648c9d08fadf630 WmiPrv.exe
http://contagiodump.blogspot.com/2012/12/batchwiper-samples.html
Page 1 of 2

File
Source: http://contagiodump.blogspot.com/2012/12/batchwiper-samples.html
http://contagiodump.blogspot.com/2012/12/batchwiper-samples.html
Page 2 of 2