Win32/Spy.Agent.PCS [Threat Name]

Win32/Spy.Agent.PCS [Threat Variant Name]

Category: trojan
Size: 1691648 B
Detection created: Mar 14, 2017
Detection database version: 15088
Aliases: Backdoor.Win32.Agent.dpfo (Kaspersky), TrojanSpy:Win32/Skeeyah.A!rfn (Microsoft)
Short description

Win32/Spy.Agent.PCS is a trojan that steals sensitive information. The trojan can send gathered information to a remote machine. The file is run-time compressed using ASPack.

Installation

The trojan does not create any copies of itself.


The trojan creates the following files:

  • %temp%\%variable1%chk.tmp
  • %temp%\sqlite3.dll (681097 B)
  • \\tsclient\%variable2%\std\stok_%variable3%

A string with variable content is used instead of %variable1-3%.

Information stealing

The trojan collects the following information:

  • web browser history
  • cookies
  • number of files containing specific text strings
  • user name
  • operating system version
  • information about the operating system and system settings
  • the path to specific folders
  • CPU information
  • amount of operating memory
  • installed antivirus software
  • installed software

The following programs are affected:

  • Google Chrome
  • Internet Explorer
  • Mozilla Firefox
  • Opera

The collected information is stored in the following file:

  • \\tsclient\%variable1%\std\sinfo_%variable2%

A string with variable content is used instead of %variable1-2%.


The trojan can send gathered information to a remote machine.


The trojan contains a list of 7 URLs. The HTTP protocol is used.

Other information

The trojan executes the following commands:

  • whoami
  • cmd.exe /c taskkill /im firefox.exe.exe /f
  • cmd.exe /c taskkill /im chrome.exe.exe /f
  • cmd.exe /c ping -n 3 127.0.0.1 & shutdown -l -f
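
One way to hunt for the artifacts listed above in endpoint telemetry, as an added example that is not part of the original description: it matches the file paths and command lines from this page against constructed file-creation and process events. The event layout (`host`, `type`, `value`), the host names and the sample paths are assumptions.

```python
import re
from collections import defaultdict

# Indicators come from the description above. The %variableN% parts are
# unknown strings, so each is matched as a single path component or fragment.
FILE_PATTERNS = {
    "tsclient_stok": re.compile(r"^\\\\tsclient\\[^\\]+\\std\\stok_[^\\]+$", re.I),
    "tsclient_sinfo": re.compile(r"^\\\\tsclient\\[^\\]+\\std\\sinfo_[^\\]+$", re.I),
    "temp_chk_tmp": re.compile(r"\\temp\\[^\\]*chk\.tmp$", re.I),
    "temp_sqlite3": re.compile(r"\\temp\\sqlite3\.dll$", re.I),
}
# "whoami" is left out: on its own it is too common to be useful.
CMD_PATTERNS = {
    "taskkill_double_exe": re.compile(
        r"taskkill\s+/im\s+(?:firefox|chrome)\.exe\.exe\s+/f", re.I),
    "ping_then_logoff": re.compile(
        r"ping\s+-n\s+3\s+127\.0\.0\.1\s*&\s*shutdown\s+-l\s+-f", re.I),
}
WEAK = {"temp_sqlite3"}  # legitimate software also drops sqlite3.dll in %temp%

def match_event(event):
    """Return the names of all indicators that one event matches."""
    patterns = FILE_PATTERNS if event["type"] == "file" else CMD_PATTERNS
    return [name for name, rx in patterns.items() if rx.search(event["value"])]

def triage(events):
    """Group matches per host; report hosts with at least one strong match."""
    hits = defaultdict(set)
    for ev in events:
        hits[ev["host"]].update(match_event(ev))
    return {host: sorted(names) for host, names in hits.items() if names - WEAK}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS01", "type": "file", "value": r"C:\Users\alice\AppData\Local\Temp\a1b2chk.tmp"},
    {"host": "WS01", "type": "file", "value": r"C:\Users\alice\AppData\Local\Temp\sqlite3.dll"},
    {"host": "WS01", "type": "file", "value": r"\\tsclient\C\std\sinfo_a1b2"},
    {"host": "WS01", "type": "proc", "value": "cmd.exe /c taskkill /im chrome.exe.exe /f"},
    {"host": "WS01", "type": "proc", "value": "cmd.exe /c ping -n 3 127.0.0.1 & shutdown -l -f"},
    {"host": "WS02", "type": "file", "value": r"C:\Users\bob\AppData\Local\Temp\sqlite3.dll"},
    {"host": "WS02", "type": "proc", "value": "cmd.exe /c taskkill /im chrome.exe /f"},
    {"host": "WS02", "type": "file", "value": r"\\tsclient\C\docs\std\report.txt"},
]

if __name__ == "__main__":
    for host, names in triage(SAMPLE_EVENTS).items():
        print(host, names)
```

The `\\tsclient\` prefix is the name under which a Remote Desktop session exposes the client's redirected drives, so the two `std\` paths only resolve on hosts reached over RDP with drive redirection enabled.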
