Win32/Agent.QMF [Threat Name] go to Threat

Win32/Agent.QMF [Threat Variant Name]

Category trojan
Size 54272 B
Detection created Dec 10, 2009
Detection database version 10143
Aliases Trojan.Win32.Yakes.flvc (Kaspersky)
Short description

Win32/Agent.QMF is a trojan which tries to download other malware from the Internet.

Installation

When executed, the trojan copies itself into the following location:

  • %currentfolder%\­%variable%.tmp

A string with variable content is used instead of %variable% .


The file is then executed.


After the installation is complete, the trojan deletes the original executable file.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The network communication with remote computer/server is encrypted.


The trojan contains a list of (3) URLs. The HTTP protocol is used in the communication.


It tries to download a file from the addresses.


After decryption the data is saved in the following files:

  • %currentfolder%\­%variable%.tmp

The files are then executed.


A string with variable content is used instead of %variable% .

Please enable Javascript to ensure correct displaying of this content and refresh this page.