VBS/TrojanDownloader.Agent.NID [Threat Name] go to Threat

VBS/TrojanDownloader.Agent.NID [Threat Variant Name]

Category trojan
Size 1219 B
Detection created Aug 25, 2013
Detection database version 8726
Aliases Trojan-Downloader.VBS.Agent.agx (Kaspersky)
  Trojan.VBS.Agent.FS (BitDefender)
  VBS/Downloader.Agent (AVG)
Short description

VBS/TrojanDownloader.Agent.NID is a trojan that uses the hardware resources of the infected computer for mining the Bitcoin digital currency.

Installation

The trojan is probably a part of other malware.


The trojan does not create any copies of itself.


The trojan needs the following files to run:

  • %windir%\­system32\­OpenCL.dll
Other information

The trojan uses the hardware resources of the infected computer for mining the Bitcoin digital currency.


The trojan runs the following process:

  • %windir%\­inf\­%configExecName%\­%configExecName%.exe -o %configURL% -u %configLogin% -p %configPassword%

A string loaded from c:\windows\inf\ntvdm.inf is used instead of %configExecName%, %configURL%, %configLogin%, %configPassword% .


The trojan contains a list of 2 URLs. The HTTP protocol is used in the communication.


The trojan may create the text file:

  • %userprofile%\­regbcm

Please enable Javascript to ensure correct displaying of this content and refresh this page.