Win32/Agent.YWQ [Threat Name] go to Threat

Win32/Agent.YWQ [Threat Variant Name]

Category trojan
Size 129536 B
Detection created May 19, 2017
Detection database version 15442
Aliases Trojan.Inject2.53623 (Dr.Web)
  Win32:Dorder-E.[Trj] (Avast)
Short description

Win32/Agent.YWQ is a trojan which tries to download other malware from the Internet.

Installation

When executed, the trojan creates the following files:

  • %temp%\­mf%variable1%.tmp (2624 B)
  • %temp%\­mf%variable2%.tmp (75694 B, Win32/Agent.YWQ)
  • %temp%\­mf582901854.exe (36864 B, Win32/Agent.YWQ)

The trojan executes the following commands:

  • %system%\­wbem\­mofcomp.exe %temp%\­mf%variable1%.tmp
  • %system%\­wbem\­mofcomp.exe %temp%\­mf%variable2%.tmp

A string with variable content is used instead of %variable1-2% .


The trojan executes the following files:

  • %temp%\­mf582901854.exe

The trojan launches the following processes:

  • %system%\­svchost.exe

The trojan creates and runs a new thread with its own code within these running processes.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a URL address. The trojan generates various URL addresses. The HTTP protocol is used in the communication.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files

Please enable Javascript to ensure correct displaying of this content and refresh this page.