|Platform||Microsoft Windows (9x Series)|
|File Type||*Win32 PE executable (.EXE)|
Win32.Arcticbomb is a highly destructive trojan which runs on Microsoft Windows. This trojan is in a form of an executable with an image of an ignited stick of dynamite as its icon. It delivers the payload within 5 seconds when it is run.
The trojan works on Windows 9x (95, 98, and ME) only, while on NT versions (like NT 4.0, 2000, and XP) of Windows no effect will be taken.
Once executed, Arcticbomb deletes any and all files found on all local drives. This is carried out extremely fast, and the user has no time to save any of their data before it is destroyed.
This activity often happens so fast that it consumes the computer's memory output, resulting in an empty error message in Windows 3.1's White Box of Doom's style to appear (due to the loss of the fonts), notifying that the memory has been completely used up.
The trojan also scrambles the sectors. As a result, the user has no choice other than formatting and reinstalling the operating system.
- Analysis video by danooct1: youtube.com/watch?v=Ig4Kao2xGLA