- Upon execution, it launches a number of helper files, to a temp folder.
- The file named “coronavirus.bat” creates a COVID-19 folder and moves all the helper files there.
- It, then, disables Windows Task Manager, User Access Control (UAC),
- Target system is set to reboot to complete the installation.
- The malware executes two binaries after in the installation. Binary “mainWindow.exe” notifies the user of the infection and displays two buttons for assistance. The second binary overwrites the MBR.