Win32/Spy.Agent.OAT [Threat Name] go to Threat

Win32/Spy.Agent.OAT [Threat Variant Name]

Category trojan
Size 3604480 B
Detection created Sep 26, 2012
Detection database version 7520
Aliases Infostealer (Symantec)
Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.

Information stealing

The trojan collects the following information:

  • computer name
  • user name
  • CPU information
  • information about the operating system and system settings
  • network adapter information
  • list of running processes

The trojan attempts to send gathered information to a remote machine.


The trojan contains an URL address. The HTTP protocol is used.

Other information

The trojan serves as a backdoor. It can be controlled remotely.


The trojan starts a Terminal server on a random TCP port.


The trojan starts a Web server on a random TCP port.


It can execute the following operations:

  • run executable files
  • sending various information about the infected computer

The following services are disabled:

  • Windows Firewall
  • Automatic Updates
  • Windows Security Center

Some examples follow.

It is written in "Google Go Progamming Language" .

Please enable Javascript to ensure correct displaying of this content and refresh this page.