MSIL/TrojanDropper.Agent.GT [Threat Name] go to Threat

MSIL/TrojanDropper.Agent.GT [Threat Variant Name]

Category trojan
Size 84480 B
Detection created Jul 08, 2011
Detection database version 6277
Aliases Trojan-Downloader.MSIL.Agent.amf (Kaspersky)
  Adware.Multidropper (Symantec)
  TrojanDownloader:MSIL/Agent.J (Microsoft)
Short description

MSIL/TrojanDropper.Agent.GT is a trojan that installs MSIL/TrojanClicker.NAO malware. The trojan sends HTTP requests to simulate clicks on banner advertisements, to inflate web counter statistics etc.

Installation

When executed, the trojan creates the following files:

  • %temp%\­AcpFun2.exe (27648 B, MSIL/TrojanClicker.NAO)
  • %temp%\­EWAFun2.exe (27136 B, MSIL/TrojanClicker.NAO)
  • %temp%\­Fun2Wolfy.exe (27136 B, MSIL/TrojanClicker.NAO)
  • %temp%\­MyFun2.exe (33280 B, MSIL/TrojanClicker.NAO)

The files are then executed.

Other information

The trojan sends HTTP requests to simulate clicks on banner advertisements, to inflate web counter statistics etc.


The trojan contains a list of URLs.


The trojan keeps various information in the following Registry keys:

  • [HKEY_CURRENT_USER\­SOFTWARE\­cpfacew1]
    • "ips"
  • [HKEY_CURRENT_USER\­SOFTWARE\­rand222o]
    • "ips"
  • [HKEY_CURRENT_USER\­SOFTWARE\­hazidtacp22]
    • "ips"
  • [HKEY_CURRENT_USER\­SOFTWARE\­egreet]
    • "ips"

It may perform the following actions:

  • download files from a remote computer and/or the Internet
  • run executable files
  • open a specific URL address

Please enable Javascript to ensure correct displaying of this content and refresh this page.