Troj/Dldr-BY is a Trojan for the Windows platform.
Troj/Dldr-BY includes functionality to:
- run automatically
- create files in the <WINDOWS>\system32 folder
- access the internet and communicate with a remote server via HTTP
When Troj/Dldr-BY is installed, the following files are created:
<User>\restorer64_a.exe
<System>\restorer64_a.exe
The following registry entry is created to run restorer64_a.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
restorer64_a
<System>\restorer64_a.exe