Virus: W32/Crunk.A
Date discovered: 29/01/2010
Type: File infector
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low to medium
Damage Potential: Medium
Static file: No
File size: ~16.000 Bytes
Engine version: 8.2.1.156

General
Method of propagation:
   • Infects files


Aliases:
   •  Symantec: Bloodhound.W32.2
   •  Kaspersky: Virus.Win32.Crunk.b
   •  Eset: Win32/Crunk.B

Similar detection:
   •  W32/Crunk.B


Platforms / OS:
   • Windows NT
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Infects files

File infection
Infector type:

Appender - The virus main code is added at the end of the infected file.
– The last section of the file is modified to include the virus code.

Damaging - The files are improperly infected. Most of the time the infected files are broken and crash.


Stealth:
EPO (Entry Point Obscuring) - The infected file's EP (Entry Point) remains the same. The virus patches the program code to redirect execution to the viral code.


Self Modification:

Polymorphic - The entire virus code changes from one infection to another. The virus contains a polymorphic engine.


Method:

This direct-action infector actively searches for files.


Infection length:

Approximately 16.000 Bytes


The following files are infected:

By exact path:
   • *.exe
   • *.scr

Files in any of the following directories:
   • %current directory%

Miscellaneous
String:
It also contains the following string:
   • Crank by m1x


Anti-debugging:
It checks whether one of the following files is present:
   • \\.\SICE
   • \\.\NTICE

If the check succeeds, it deletes the following files:

   • %system drive root%\*.*
   • %current directory%\*.*

Description inserted by Daniel Constantin on Friday, March 5, 2010
Description updated by Daniel Constantin on Friday, March 5, 2010
