MSIL/Spy.Agent.BP [Threat Name] go to Threat

MSIL/Spy.Agent.BP [Threat Variant Name]

Category trojan
Size 236032 B
Detection created Mar 26, 2012
Detection database version 10000
Aliases PSW.MSIL.KLX.trojan (AVG)
  Trojan.KeyLogger.8784 (Dr.Web)
Short description

MSIL/Spy.Agent.BP is a trojan that installs MSIL/Agent.KX malware.

Installation

When executed, the trojan copies itself into the following location:

  • %appdata%\­Google\­shellbrd.exe

The following file is dropped in the same folder:

  • basebrd.exe (9728 B, MSIL/Spy.Agent.BP)

The file is then executed.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­RunOnce]
    • "Windows Base Branding" = "%appdata%\­Google\­basebrd.exe"
Other information

The trojan contains the program code of the following malware:

  • MSIL/Agent.KX

The trojan can create and run a new thread with its own program code within the following processes:

  • AppLaunch.exe
  • vbc.exe
  • %malwarefilepath%

The trojan terminates its execution if it detects that it's running in a specific virtual environment.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • display a dialog window

Trojan requires the Microsoft .NET Framework to run.

Please enable Javascript to ensure correct displaying of this content and refresh this page.