In addition, the worm has a payload module. Its body also contains an executable file that Win32.HLLW.Autoruner.64548 saves in the Windows installation folder as the Mssys.DLL library. The malicious program writes a reference to this library in the system registry. The worm embeds the payload in a copy of its own process. The malicious program then connects to the attackers' remote server and waits for commands to download and launch executable files.
Win32.HLLW.Autoruner.64548 is a representative of a fairly rare category of malicious programs capable of infecting RAR archives. When unpacking RAR archives, check whether suspicious executable files have appeared inside: launching them accidentally can harm your computer.
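One way to make that check before unpacking anything, as an added example that is not part of the original write-up: the Python sketch below walks the block headers of a RAR 4.x archive and lists entries whose names end in a directly launchable extension. It assumes unencrypted headers and the RAR 4.x layout (RAR5 archives are rejected); the extension list and the sample archive bytes are constructed for illustration.

```python
import struct

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
MAIN_HEAD, FILE_HEAD, END_HEAD = 0x73, 0x74, 0x7B
LONG_BLOCK = 0x8000   # header is followed by ADD_SIZE bytes of data
LARGE_FILE = 0x0100   # 64-bit size fields follow the fixed file header
# Assumed watch list of launchable extensions; adjust to local policy.
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll", ".lnk")

def rar4_entries(data):
    """Yield (name, unpacked_size) per file header; header CRCs are not checked."""
    if data.startswith(RAR5_MAGIC):
        raise ValueError("RAR5 archive: different header layout, not handled here")
    if not data.startswith(RAR4_MAGIC):
        raise ValueError("not a RAR archive")
    pos = len(RAR4_MAGIC)
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7:
            raise ValueError("corrupt block header")
        if htype == END_HEAD:
            break
        add_size = 0
        if htype == FILE_HEAD:
            pack, unp, _os, _fcrc, _time, _ver, _meth, nlen, _attr = \
                struct.unpack_from("<IIBIIBBHI", data, pos + 7)
            name_off = pos + 32
            if flags & LARGE_FILE:
                hi_pack, hi_unp = struct.unpack_from("<II", data, name_off)
                pack, unp, name_off = pack | hi_pack << 32, unp | hi_unp << 32, name_off + 8
            # With a Unicode name, the plain name is the part before the NUL byte.
            raw = data[name_off:name_off + nlen].split(b"\x00")[0]
            yield raw.decode("utf-8", "replace"), unp
            add_size = pack          # packed file data follows the header
        elif flags & LONG_BLOCK:
            add_size = struct.unpack_from("<I", data, pos + 7)[0]
        pos += hsize + add_size

def executable_entries(data):
    return [n for n, _ in rar4_entries(data) if n.lower().endswith(EXEC_EXT)]

def _file_block(name, body):  # builds one stored entry for the constructed sample
    n = name.encode()
    return struct.pack("<HBHHIIBIIBBHI", 0, FILE_HEAD, LONG_BLOCK, 32 + len(n),
                       len(body), len(body), 2, 0, 0, 20, 0x30, len(n), 0x20) + n + body

SAMPLE = (RAR4_MAGIC + struct.pack("<HBHHHI", 0, MAIN_HEAD, 0, 13, 0, 0)  # constructed
          + _file_block("readme.txt", b"hello") + _file_block("setup.exe", b"MZ")
          + struct.pack("<HBHH", 0, END_HEAD, 0x4000, 7))
```

Comparing the listing of an archive against an earlier listing of the same file shows whether an executable entry has been added since the archive was created.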