KillMBR-FBIA


By LoneStar in Malware

Threat Scorecard

Threat Level: 20 % (Normal)
Infected Computers: 26
First Seen: March 22, 2013
Last Seen: October 27, 2022
OS(es) Affected: Windows

KillMBR-FBIA is a malware infection that is part of an online malware campaign affecting South Korean banks and media firms. KillMBR-FBIA wipes the master boot record (MBR) on the hard drives of the compromised PC, overwriting the MBR with one of the strings 'PRINCPES', 'PR!NCPES' and 'HASTATI'. KillMBR-FBIA also overwrites random parts of the file system with the same strings, making several files irretrievable, so even if the MBR is restored, files on disk remain damaged. The PC is then made to restart via a command, and because the MBR is corrupted, it is unable to boot. Before overwriting the MBR, KillMBR-FBIA attempts to stop the main processes of two Korean anti-virus programs, AhnLab and Hauri. The main goal of KillMBR-FBIA is to make the victimized computer systems unusable.
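For forensic triage of a disk image taken from an affected machine, the check below is an added example (not code from this entry or from any vendor tool) that reports whether sector 0 still carries the 0x55AA boot signature and which sectors contain one of the three strings named above. It assumes a raw image with 512-byte sectors and treats any occurrence of a string inside a sector as a hit; the function names and the sample image are constructed for illustration.

```python
import io

SECTOR = 512
# Marker strings exactly as listed in the description above.
MARKERS = (b"PRINCPES", b"PR!NCPES", b"HASTATI")


def sector_marker(sector: bytes):
    """Return the first marker string found in this sector, or None."""
    for m in MARKERS:
        if m in sector:
            return m.decode()
    return None


def triage_image(stream):
    """Scan a raw disk image (binary stream) one sector at a time."""
    mbr = stream.read(SECTOR)
    if len(mbr) < SECTOR:
        raise ValueError("image shorter than one sector")
    result = {
        # A valid MBR ends with bytes 0x55 0xAA at offsets 510-511.
        "boot_signature_ok": mbr[510:512] == b"\x55\xaa",
        "mbr_marker": sector_marker(mbr),
        "marked_sectors": [],
    }
    if result["mbr_marker"]:
        result["marked_sectors"].append(0)
    # Remaining sectors: record every sector number that holds a marker.
    for n, sector in enumerate(iter(lambda: stream.read(SECTOR), b""), start=1):
        if sector_marker(sector):
            result["marked_sectors"].append(n)
    return result


def build_sample_image(wiped: bool) -> bytes:
    """Constructed test data: 4 sectors; the fill pattern is an assumption."""
    clean_mbr = bytes(510) + b"\x55\xaa"
    sectors = [clean_mbr, bytes(SECTOR), bytes(SECTOR), bytes(SECTOR)]
    if wiped:
        sectors[0] = (b"HASTATI." * 64)[:SECTOR]   # overwritten MBR
        sectors[2] = (b"PRINCPES" * 64)[:SECTOR]   # overwritten data sector
    return b"".join(sectors)


if __name__ == "__main__":
    print(triage_image(io.BytesIO(build_sample_image(wiped=True))))
```

A string that straddles a sector boundary is not counted by this per-sector scan, and a hit in a data sector only marks it for closer inspection, since the same bytes can occur in ordinary files.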

File System Details

KillMBR-FBIA may create the following file(s):
1. OthDown.exe
2. mb_join.exe
3. ApcRunCmd.exe
4. E4F66C3CD27B97649976F6F0DAAD9032.bin
5. APCRunCmd.DRP
6. pr1.tmp
7. jar_cache1221312510715123682.tmp


KillMBR-FBIA may call the following URLs:


