Win32/Agent.YAS [Threat Name] go to Threat

Win32/Agent.YAS [Threat Variant Name]

Category trojan
Size 182272 B
Detection created May 26, 2016
Detection database version 13549
Short description

The trojan serves as a proxy server. It can be controlled remotely.


When executed, the trojan copies itself into the following location:

  • %programfiles%\­FastWeb\­fastweb.exe

The trojan creates the following file:

  • %programfiles%\­FastWeb\­config_ns1.dat (12 B)

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "fastweb" = "%programfiles%\­FastWeb\­fastweb.exe"

The trojan quits immediately if the executable filename is one of the following:

  • c:\­file.exe
  • c:\­myapp.exe
  • c:\­sample.exe
  • c:\­self.exe
  • c:\­t.exe
Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of (5) URLs. The TCP protocol is used in the communication.

The trojan serves as a proxy server.

Please enable Javascript to ensure correct displaying of this content and refresh this page.