MSIL/Spy.Agent.PK [Threat Name]

MSIL/Spy.Agent.PK [Threat Variant Name]

Category: trojan
Size: 912954 B
Detection created: Dec 03, 2013
Detection database version: 9123
Aliases: PWS:MSIL/Wealwedst.A (Microsoft), Trojan.Inject2.17586 (Dr.Web)

Short description

MSIL/Spy.Agent.PK is a trojan that steals passwords and other sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan copies itself into the following location:

  • %appdata%\jfUoe.exe

Information stealing

The trojan collects the following information:

  • login user names for certain applications/services
  • login passwords for certain applications/services
  • information about the operating system and system settings
  • operating system version
  • computer name
  • external IP address of the network device

The following programs are affected:

  • Mozilla Firefox
  • Google Chrome
  • Opera
  • FileZilla
  • Pidgin
  • Valve Steam
  • JDownloader
  • ICQ
  • MSN

The collected information is stored in the following file:

  • %temp%\%computername%

The trojan attempts to send gathered information to a remote machine.

The trojan contains a list of addresses (1 in total). The communication uses the FTP protocol.

Other information

The trojan runs the following applications:

  • %windir%\Microsoft.NET\Framework\v4.0.30319\vbc.exe

The trojan creates and runs a new thread with its own code within these running processes.
