Win32/Caphaw [Threat Name] go to Threat

Win32/Caphaw.M [Threat Variant Name]

Category trojan
Size 284672 B
Detection created Jan 17, 2013
Detection database version 7904
Aliases Trojan.Win32.Agentb.hxk (Kaspersky)
  Backdoor:Win32/Caphaw.N (Microsoft)
Short description

The trojan serves as a backdoor. It can be controlled remotely. The trojan is usually a part of other malware.

Installation

The trojan does not create any copies of itself.

Spreading via IM networks

Win32/Caphaw.M is a trojan that can be spread via IM networks.


If Skype is installed on the infected system, the trojan sends a message to all Skype contacts.


The attachment is an executable of the trojan.

Information stealing

The trojan collects information related to the following applications:

  • Skype

The following information is collected:

  • login name

The trojan attempts to send gathered information to a remote machine. The HTTP protocol is used.

Other information

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • send files to a remote computer

The trojan affects the behavior of the following applications:

  • Skype

The trojan may create the following files:

  • %temp%\­%variable%

A string with variable content is used instead of %variable% .

Please enable Javascript to ensure correct displaying of this content and refresh this page.