Win32/Agent.UJJ [Threat Name] go to Threat

Win32/Agent.UJJ [Threat Variant Name]

Category trojan
Size 50688 B
Detection created Jan 09, 2013
Detection database version 7877
Aliases Trojan-Ransom.Win32.Blocker.biqy (Kaspersky)
  Trojan:Win32/Bublik.I (Microsoft)
Short description

Win32/Agent.UJJ is a trojan that can interfere with the operation of certain applications. The trojan is usually a part of other malware.


When executed, the trojan copies itself into the following location:

  • %appdata%\­ie_util.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "IExplorer Util" = "%appdata%\­ie_util.exe"

The trojan creates and runs a new thread with its own program code within the following processes:

  • ctfmon.exe
  • dwm.exe
  • Explorer.exe
  • iexplore.exe
  • rdpclip.exe
  • taskeng.exe
  • taskhost.exe
Other information

The trojan affects the behavior of the following applications:

  • Internet Explorer

The trojan can modify the downloaded data.

The trojan hooks the following Windows APIs:

  • HttpQueryInfoA (wininet.dll)
  • InternetReadFile (wininet.dll)

Please enable Javascript to ensure correct displaying of this content and refresh this page.