Technical Details

This malicious program demands a ransom in exchange for the content of an encrypted archive, which users believe contains a file that they need. It is a Windows application (PE EXE file). It is 1 114 654 bytes in size. It is written in Delphi.


As a rule, the malware is downloaded by the user from the Internet in the guise of a self-extracting archive containing the file that the user needs. Once launched, the malware displays a window with the following content:

After the "Unpack" button is pressed, the malware imitates the process of extracting the file. At a certain stage, this process stops and the user is prompted to enter a code to continue extracting. To obtain the code, it is necessary to select a country and send an SMS to the short number specified:

The links

For complaints
point to the following resources, respectively:


Removal Instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:

  1. Use Task Manager to terminate the Trojan process.
  2. Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
  3. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).

MD5: 0A190F61447793EF64A0F04A03627F47

SHA1: 26B272D056E4915B07101444632CC1920C332B7B