Win32/Flyagent [Threat Name]
Win32/Flyagent.NGX [Threat Variant Name]
| Detection created | Jun 02, 2016 |
| Signature database version | 13587 |
The trojan serves as a backdoor. It can be controlled remotely.
The trojan is usually bundled within installation packages of various legitimate software.
The trojan may create copies of itself using the following filenames:
In order to be executed on system start, the trojan sets the following Registry entry:
- "yckhd" = "C:\360Micn.exe"
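An added triage example (not part of the original description): a Python check that scans a text export of a host's registry (`.reg` format) for the autostart value listed above. The page does not name the registry key, so the `Run` keys in the constructed sample are an assumption, and the check matches the value name or the data under any key.

```python
import re

# Indicators taken from the description above.
IOC_NAME = "yckhd"
IOC_DATA = r"C:\360Micn.exe"

# Constructed sample export; the Run key paths are an assumption, not from the page.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\lab\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"yckhd"="C:\\360Micn.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\\360micn.EXE"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Yield (key, value_name, data) for each string value in a .reg export.
    Real exports are UTF-16; decode the file before passing its text in."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            # .reg files escape backslashes and quotes with a backslash.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data

def find_flyagent_autostart(text):
    """Return values whose name or data matches the indicators (case-insensitive)."""
    hits = []
    for key, name, data in parse_reg_export(text):
        name_hit = name.lower() == IOC_NAME
        data_hit = data.strip('"').lower() == IOC_DATA.lower()
        if name_hit or data_hit:
            match = "both" if name_hit and data_hit else ("name" if name_hit else "data")
            hits.append({"key": key, "name": name, "data": data, "match": match})
    return hits

if __name__ == "__main__":
    for hit in find_flyagent_autostart(SAMPLE):
        print(hit)
```

Matching on the data as well as the name catches a renamed value that still points at the same file.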
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a URL address. The HTTP protocol is used in the communication.
It may perform the following actions:
- log keystrokes
- block keyboard and mouse input
- simulate user's input (clicks, taps)
- simulate mouse activity
- download files from a remote computer and/or the Internet
- upload files to a remote computer
- capture screenshots
- capture webcam video/voice
- hide taskbar
- show/hide application windows
- visit a specific website
- send the list of running processes to a remote computer
- start/stop services
- run executable files
- terminate running processes
- create Registry entries
- delete Registry entries
- various filesystem operations
- shut down/restart the computer
- steal information from the Windows clipboard
- collect information about the operating system used
- send gathered information