The virus consists of a dropper, which is witten in assembler, and the virus part itself, written in Borland C++.
When an infected file is launched, the control flow is passed to the virus dropper, which writes the virus to a temporary file and executes its infection procedure.
The virus searches for Win32 EXE PE files with .scr and .exe
extensions on all logical drives of computer, and also in shared resources of local network, and infects them.
The virus doesn’t manifest itselfs presence in any way.
The structure of infected file looks like this:
|Find out the statistics of the threats spreading in your region|