Win32/Spy.Agent.OWE [Threat Name] go to Threat

Win32/Spy.Agent.OWE [Threat Variant Name]

Category trojan
Size 204288 B
Detection created Apr 13, 2016
Detection database version 13329
Aliases TrojanSpy:Win32/Skeeyah.A!rfn (Microsoft)
  Trojan.PWS.Spy.19887 (Dr.Web)
Short description

Win32/Spy.Agent.OWE is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

When executed the trojan copies itself in the following locations:

  • %currentfolder%\­1.exe
  • %currentfolder%\­2.exe

The trojan launches the following processes:

  • notepad

After the installation is complete, the trojan deletes the original executable file.

Information stealing

The trojan collects the following information:

  • operating system version
  • information about the operating system and system settings
  • installed program components under  [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Uninstall] Registry subkeys
  • installed antivirus software
  • amount of operating memory
  • CPU information
  • cookies

The trojan attempts to send gathered information to a remote machine.


The trojan contains a URL address. The HTTP protocol is used.


Please enable Javascript to ensure correct displaying of this content and refresh this page.