Win32/Agent.SMB [Threat Name]

Win32/Agent.SMB [Threat Variant Name]

Category: trojan
Size: 192000 B
Detection created: Apr 25, 2011
Detection database version: 6069

Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

When executed, the trojan copies itself into the following location:

  • %servicefolder%\%servicename%.exe

A string with variable content is used instead of %servicefolder%, %servicename%, %configurablename%.


The location may vary depending on the current settings stored in the malware executable.


The trojan may register itself as a system service using the following name:

  • %servicename%

This causes the trojan to be executed on every system start.


The trojan may create the following files:

  • %configurablename%\%servicename%.bat

The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    • "%servicename%" = "%configurablename%\%servicename%.bat"
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    • "%servicename%" = "%configurablename%\%servicename%.bat"

This causes the trojan to be executed on every system start.
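
A defensive check for the persistence pattern described above, as an added example that is not part of the original description: it flags RunOnce string values whose name equals the base name of the .bat file they point to, and records whether a service of the same name runs a matching .exe. The input format (text output of `reg query` plus a service-name-to-binary map), the sample data and names such as ExampleSvc are constructed assumptions, and the name match is only a triage heuristic.

```python
import ntpath
import re

RUNONCE_SUFFIX = r"\software\microsoft\windows\currentversion\runonce"
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+?)\s*$")

# Constructed sample: `reg query` style output for both RunOnce keys.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    ExampleSvc    REG_SZ    C:\ExampleDir\ExampleSvc.bat
    Updater    REG_SZ    C:\Program Files\Vendor\setup.exe /cleanup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    ExampleSvc    REG_SZ    C:\ExampleDir\ExampleSvc.bat
"""
# Constructed sample: installed services and their binary paths.
SAMPLE_SERVICES = {
    "ExampleSvc": r"C:\ExampleFolder\ExampleSvc.exe",
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
}

def parse_runonce(reg_text):
    """Yield (key, value_name, data) for string values under any RunOnce key."""
    key = None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and key.lower().endswith(RUNONCE_SUFFIX):
            m = VALUE_RE.match(line)
            if m:
                yield key, m["name"], m["data"].strip('"')

def find_matches(reg_text, services):
    """Return RunOnce entries of the form name -> <dir>\\name.bat."""
    svc = {n.lower(): p for n, p in services.items()}
    hits = []
    for key, name, data in parse_runonce(reg_text):
        stem, ext = ntpath.splitext(ntpath.basename(data))
        if ext.lower() != ".bat" or stem.lower() != name.lower():
            continue  # value name and .bat base name differ: not this pattern
        binary = svc.get(name.lower(), "").strip('"')
        # Stronger signal: a service of the same name runs <name>.exe.
        service_match = ntpath.basename(binary).lower() == name.lower() + ".exe"
        hits.append({"key": key, "name": name, "data": data,
                     "service_match": service_match})
    return hits

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_REG, SAMPLE_SERVICES):
        print(hit)
```

Legitimate installers can also write a RunOnce value named after their own batch file, so treat a hit without `service_match` as a lead to review rather than a detection.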


The trojan may create the following files:

  • %workingfolder%\%configurablename% (6144 B, MSIL/Agent.SIX trojan)

Information stealing

Win32/Agent.SMB is a trojan that steals sensitive information.


The trojan collects the following information:

  • computer name
  • user name
  • operating system version
  • the path to specific folders
  • information about the operating system and system settings
  • CPU information
  • amount of operating memory
  • screenshots
  • logged keystrokes

The trojan can send the information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of 2 URLs. The TCP protocol is used in the communication.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • log keystrokes
  • capture screenshots
  • capture webcam picture
  • capture webcam video/voice
  • send requested files
  • send gathered information
  • execute shell commands
  • visit a specific website
  • create Registry entries
