Win32/Agent.QJF [Threat Name] go to Threat

Win32/Agent.QJF [Threat Variant Name]

Category trojan
Size 27648 B
Detection created Nov 26, 2009
Detection database version 4639
Aliases TR/Downloader.Gen (Avira)
  Downloader (Symantec)
Short description

The trojan may perform various types of attacks against remote machines. The file is run-time compressed using UPX .

Installation

When executed, the trojan copies itself into the following location:

  • %system%\­PROset.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "Trough" = "%system%\­PROset.exe 0"

After the installation is complete, the trojan deletes the original executable file.

Information stealing

Win32/Agent.QJF is a trojan that steals sensitive information.


The trojan collects the following information:

  • network adapter information

The trojan attempts to send the collected files to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan opens UDP port 9876 .


It can execute the following operations:

  • perform DoS/DDoS attacks

Please enable Javascript to ensure correct displaying of this content and refresh this page.