Sets the 'hidden' attribute to the following files:
<SYSTEM32>\install\server.exe
Deletes the following files:
%TEMP%\XX--XX--XX.txt
%TEMP%\XxX.xXx
%TEMP%\UuU.uUu
Substitutes the following files:
%TEMP%\XxX.xXx
%TEMP%\UuU.uUu
Network activity:
Connects to:
'localhost':1037
'se##er.com':80
'ch#####x.justfree.com':80
'gr####.no-ip.biz':200
'gr####.no-ip.biz':2000
TCP:
HTTP GET requests:
http://www.se##er.com/sqlite3.dll via se##er.com
http://ch#####x.justfree.com/arquivo.txt
UDP:
DNS ASK ch#####x.justfree.com
DNS ASK www.se##er.com
DNS ASK gr####.no-ip.biz
Miscellaneous:
Creates and executes the following:
'<Full path to file>'
'<SYSTEM32>\install\server.exe'
Executes the following:
'%ProgramFiles%\Internet Explorer\IEXPLORE.EXE'
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more