Win32/Regiskazi [Threat Name] go to Threat

Win32/Regiskazi.A [Threat Variant Name]

Category trojan
Size 580789 B
Detection created Oct 13, 2014
Detection database version 10556
Aliases Trojan-Downloader.Win32.Agent.hexu (Kaspersky)
  RDN/Downloader.a!tn.trojan (McAfee)
  Downloader (Symantec)
Short description

Win32/Regiskazi.A is a trojan which tries to download other malware from the Internet. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­RunOnce]
    • "winregis" = "%malwarefilepath%"
Information stealing

The trojan collects the following information:

  • video controller type
  • CPU information
  • operating system version
  • installed antivirus software

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of (3) URLs. The HTTP protocol is used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • delete files
  • create folders

Please enable Javascript to ensure correct displaying of this content and refresh this page.