This file virus is a Windows PE EXE file, packed using UPX. The packed file is approximately 56KB in size, and the unpacked file is approximately 122KB in size.
Once launched, the virus will encrypt files with the following extensions on the victim machine:
arj cdr cgi css csv db dbf dbt dbx doc flb frm frt frx gtd gz htm html kwm mdb mmf pak pdf pl pst pwa pwl pwm rar rmr rtf sar tar tbb txt xls xml zip
The original virus file will be deleted after launch.
The following text can be seen at the beginning of encrypted files:
PGPcoder
A file named readme.txt will appear in folders which contain encrypted files. The contents of readme.txt are as follows:
Some files are coded. To buy decoder mail: md56@mail.ru with subject: PGPcoder md56
The text may give a different email address or decrypter version, depending on the version of Virus.Win32.GPCode.
If the user contacts the email address listed in readme.txt, they will receive an answer asking for a specific sum of money in return for decrypting files.
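As an added example (not part of the original description), the following Python sweep lists folders that carry the indicators described above: files with a targeted extension that begin with `PGPcoder`, and a `readme.txt` ransom note. It assumes the marker is plain ASCII at offset 0 and that the note keeps the phrases quoted above across versions; `classify`, `scan` and `build_sample` are names chosen for this example.

```python
from pathlib import Path

MARKER = b"PGPcoder"  # assumption: plain ASCII at offset 0 of each encrypted file
NOTE_NAME = "readme.txt"
NOTE_PHRASES = (b"some files are coded", b"pgpcoder")  # assumption: stable across versions
TARGET_EXTS = set(
    "arj cdr cgi css csv db dbf dbt dbx doc flb frm frt frx gtd gz htm html kwm "
    "mdb mmf pak pdf pl pst pwa pwl pwm rar rmr rtf sar tar tbb txt xls xml zip".split()
)

def classify(path):
    """Return 'encrypted', 'note' or None for one file."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4096)
    except OSError:
        return None  # locked or unreadable: skip rather than abort the sweep
    if path.suffix.lower().lstrip(".") in TARGET_EXTS and head.startswith(MARKER):
        return "encrypted"
    if path.name.lower() == NOTE_NAME and any(p in head.lower() for p in NOTE_PHRASES):
        return "note"
    return None

def scan(root):
    """Map each affected folder to {'note': bool, 'encrypted': [file names]}."""
    report = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        kind = classify(path)
        if kind:
            entry = report.setdefault(str(path.parent), {"note": False, "encrypted": []})
            if kind == "note":
                entry["note"] = True
            else:
                entry["encrypted"].append(path.name)
    return report

def build_sample(root):
    files = {  # constructed sample tree for a dry run, not real malware output
        "docs/a.doc": b"PGPcoder\x00\x01", "docs/b.txt": b"plain notes",
        "docs/readme.txt": b"Some files are coded. To buy decoder mail: ...",
        "src/readme.txt": b"Build instructions", "src/x.exe": b"PGPcoder"}
    for rel, data in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan(tmp))
```

A folder that reports both a note and marked files matches the behaviour described; an ordinary `readme.txt` without the note phrases is not flagged.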
