Win32/TrojanDownloader.Agent.PWH [Threat Name]

Win32/TrojanDownloader.Agent.PWH [Threat Variant Name]

Category: trojan
Size: 18944 B
Detection created: Apr 22, 2010
Detection database version: 5049
Aliases:
  Trojan-Downloader.Win32.Agent.dkcg (Kaspersky)
  TrojanDownloader:Win32/Bulilit.A (Microsoft)
  Downloader.Agent2.VGA (AVG)

Short description

Win32/TrojanDownloader.Agent.PWH is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Run]
    • "RunmeAtStartup" = "%malwarepath%"

The trojan creates the following files:

  • C:\WINDOWS\system32\xvhost.sb

Information stealing

The trojan collects the following information:

  • network adapter information

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan contains a list of 5 URLs. It tries to download several files from these addresses. The files are then executed.


It tries to connect to remote machines on the following ports:

  • 8080
  • 90
  • 91
  • 92
  • 99

The HTTP protocol is used.
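
A host triage check for the indicators listed above, as an added example that is not part of the original description. It assumes a 64-bit PowerShell session on the suspect machine and, on the assumption that a Win32 binary on 64-bit Windows is subject to WOW64 redirection, checks both the native and the redirected registry key and system directory.

```powershell
# Added example: host triage for the indicators in this description.
# Indicator values (value name, file name, ports) come from the page;
# the WOW64 locations and the output layout are assumptions of this example.
$valueName = 'RunmeAtStartup'
$dropName  = 'xvhost.sb'
$ports     = 8080, 90, 91, 92, 99

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$sysDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

$findings = @()

# 1. Persistence: the Run value. Its data is the path of the trojan itself.
foreach ($key in $runKeys) {
    $prop = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += [pscustomobject]@{
            Type = 'RunValue'; Location = $key; Detail = $prop.$valueName }
    }
}

# 2. Dropped file: report size and creation time to help build a timeline.
foreach ($dir in $sysDirs) {
    $path = Join-Path $dir $dropName
    if (Test-Path -LiteralPath $path) {
        $f = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{
            Type = 'File'; Location = $path
            Detail = "$($f.Length) bytes, created $($f.CreationTimeUtc.ToString('u'))" }
    }
}

# 3. Network: established connections to the listed remote ports.
# Port 8080 is common for legitimate proxies, so treat a hit on it alone as weak.
$findings += @(
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemotePort -in $ports } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Type = 'Connection'; Location = "$($_.RemoteAddress):$($_.RemotePort)"
                Detail = "PID $($_.OwningProcess) $($proc.Path)" }
        }
)

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No indicators found.' }
```

A RunValue hit gives the on-disk location of the trojan, which the description leaves as %malwarepath%; preserve that file for analysis before removing the registry value.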

