Malware overwrites MBR, corrupts disks

April 6, 2020
min read

The Carrier

The Malware

  • Upon execution, it launches a number of helper files, to a temp folder.
  • The file named “coronavirus.bat” creates a COVID-19 folder and moves all the helper files there.
  • It, then, disables Windows Task Manager, User Access Control (UAC),
  • Target system is set to reboot to complete the installation.
  • The malware executes two binaries after in the installation. Binary “mainWindow.exe” notifies the user of the infection and displays two buttons for assistance. The second binary overwrites the MBR.

The Risk

No items found.