Windows WMI Abused for Malware Operations | Malware Blog | Trend Micro

So, malware that abuses WMI...

TrendLabsSM recently handled a client case last March wherein two peculiar malware leveraged a Windows service, Windows Management Instrumentation (WMI), to execute their malicious routines.
WMI lets users access and retrieve information about their OSs. It is particularly useful for administrators, especially in enterprise environments, as it manages applications found on systems connected to a network using any one of various coding languages. It can be considered a database that contains information on anything and everything related to a system’s OS and its users.
As WMI contains a huge chunk of data, cybercriminals find it a very likely target for their malicious creations. They can, for instance, introduce specialized pragma to the service to make affected systems do their malicious bids such as:

WMI Abused for Malware Operations - TrendLabs Security Intelligence Blog
