Win32/Spy.Agent.OEA [Threat Name]

Win32/Spy.Agent.OEA [Threat Variant Name]

Category: trojan
Size: 57344 B
Detection created: Apr 24, 2013
Detection database version: 8261
Aliases: Trojan.Win32.Yakes.cvuu (Kaspersky)

Short description

Win32/Spy.Agent.OEA is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine. The file is run-time compressed using aPACK.

Installation

When executed, the trojan copies itself into the following location:

  • %appdata%\pecept\svhcots.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    • "Windows Udpate" = "%appdata%\pecept\svhcots.exe"

The following programs are terminated:

  • svhcots.exe

The trojan terminates its execution if it detects that it's running in a specific virtual environment.

Information stealing

The trojan is able to log keystrokes.


The trojan collects the following information:

  • screenshots

The collected information is stored in the following files:

  • %appdata%\pecept\%variable1%.dkl
  • %appdata%\pecept\%variable2%.jpg

A string with variable content is used instead of %variable1-2%.
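
The persistence entry and file locations listed above can be matched against exported Run-key values and file listings. The following is an added example, not part of the original description or any vendor tooling; the function names, input tuples and sample records are constructed, and the expanded %appdata% paths assume default Windows profile layouts.

```python
import re

# Indicators below come from the description; input shapes are assumptions.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUE_NAME = "windows udpate"  # the misspelling is the trojan's own
# %appdata% unexpanded, or expanded under a default profile layout (assumption).
_APPDATA = r"(?:%appdata%|[a-z]:\\.*\\(?:appdata\\roaming|application data))"
_DROPPED = re.compile(_APPDATA + r"\\pecept\\(?P<name>[^\\]+)$", re.IGNORECASE)

def classify_path(path):
    """Map a file path to 'binary', 'keylog', 'screenshot', 'other' or None."""
    m = _DROPPED.search(path.strip().strip('"'))
    if not m:
        return None
    name = m.group("name").lower()
    if name == "svhcots.exe":
        return "binary"
    return {".dkl": "keylog", ".jpg": "screenshot"}.get(name[-4:], "other")

def check_run_value(key, name, data):
    """Return the reasons a Run-key value matches the described autostart."""
    k = key.strip().rstrip("\\").lower()
    if k.startswith("hklm\\"):
        k = "hkey_local_machine\\" + k[5:]
    if k != RUN_KEY:
        return []
    reasons = []
    if name.strip().lower() == RUN_VALUE_NAME:
        reasons.append("value name")
    if classify_path(data) == "binary":
        reasons.append("value data")
    return reasons

def scan(run_values, file_paths):
    """Collect (kind, item, reasons) findings from exported host data."""
    hits = [("persistence", n, r) for k, n, d in run_values
            if (r := check_run_value(k, n, d))]
    hits += [(kind, p, ["path"]) for p in file_paths if (kind := classify_path(p))]
    return hits

# Constructed sample export (not taken from a real host).
SAMPLE_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_RUN = [(SAMPLE_KEY, "Windows Udpate", r'"%appdata%\pecept\svhcots.exe"'),
              (SAMPLE_KEY, "VendorTray", r"C:\Program Files\Vendor\tray.exe")]
SAMPLE_FILES = [r"C:\Users\alice\AppData\Roaming\pecept\k7.dkl",
                r"C:\Users\alice\Pictures\holiday.jpg"]
```

A match on the value data alone (different value name, same path) is still reported, which covers a renamed autostart entry pointing at the same dropped file.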


The trojan attempts to send gathered information to a remote machine.


The trojan contains a URL address. The HTTP protocol is used.

Other information

The trojan displays the following dialog box:
