Technical Details

This Trojan is a modified Windows %System%\drivers\etc\hosts file, which is used to translate domain names (DNS) to IP addresses. The modified file is 1861 bytes in size. The file is modified in such a way as to prevent the user from viewing the sites listed below.

The following strings are added to the hosts file:

# Win32.Skowor Ransomware Host H4x0r

This is the result of the activity of another malicious program.