MSIL/BattleBot [Threat Name]

MSIL/BattleBot.A [Threat Variant Name]

Category: trojan
Size: 316928 B
Aliases: MSIL:Agent-BIK (Avast)
         MSIL2.MPB.trojan (AVG)
         TR/Agent.bik.5 (Avira)

Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

When executed, the trojan creates the following files:

  • %temp%\n.exe (191488 B, MSIL/BattleBot.A)
  • %appdata%\Adobe\AdobeUpdate.exe (133632 B, MSIL/BattleBot.A)

The trojan schedules a task that causes the following file to be executed repeatedly:

  • %appdata%\Adobe\AdobeUpdate.exe

This causes the trojan to be executed on every system start.
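
A hunting check for the artifacts listed above, as an added example that is not part of the original description. It assumes the default profile layout (%appdata% = AppData\Roaming and %temp% = AppData\Local\Temp under <SystemDrive>\Users) and an elevated PowerShell session on Windows 8 or later. The description does not name the scheduled task, so tasks are matched on the file they launch.

```powershell
# Added example: indicators are the paths and sizes given in the description.
# Assumption: default per-user locations for %appdata% and %temp%.
$indicators = @(
    @{ Rel = 'AppData\Roaming\Adobe\AdobeUpdate.exe'; Size = 133632 },
    @{ Rel = 'AppData\Local\Temp\n.exe';              Size = 191488 }
)
$profileRoot = Join-Path $env:SystemDrive 'Users'

# 1. Dropped files: report every path hit and whether its size matches the report.
$users = Get-ChildItem -LiteralPath $profileRoot -Directory -Force -ErrorAction SilentlyContinue
$files = foreach ($userDir in $users) {
    foreach ($i in $indicators) {
        $path = Join-Path $userDir.FullName $i.Rel
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{
                Path      = $item.FullName
                Length    = $item.Length
                SizeMatch = ($item.Length -eq $i.Size)
                SHA256    = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
                Signature = (Get-AuthenticodeSignature -LiteralPath $item.FullName).Status
            }
        }
    }
}

# 2. Persistence: scheduled tasks whose command line launches AdobeUpdate.exe
#    from a roaming profile. COM-handler actions have no Execute/Arguments
#    properties, so they produce an empty command line and never match.
$tasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = [Environment]::ExpandEnvironmentVariables(
            "$($action.Execute) $($action.Arguments)")
        if ($cmd -like '*\AppData\Roaming\Adobe\AdobeUpdate.exe*') {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                Command = $cmd.Trim()
                RunAs   = $task.Principal.UserId
                State   = $task.State
            }
        }
    }
}

$files | Format-List
$tasks | Format-List
```

A path hit whose size differs from the listed value is a lead to triage, not a verdict: check the hash and signature status before removing the file or the task.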

Information stealing

MSIL/BattleBot.A is a trojan that steals sensitive information.


The trojan collects the following information:

  • operating system version
  • installed firewall application
  • installed antivirus software
  • computer name
  • user name
  • computer IP address

The trojan can send the information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a URL address. The TCP and HTTP protocols are used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • update itself to a newer version
  • shut down/restart the computer
  • send the list of files on a specific drive to a remote computer
  • send the list of disk devices and their type to a remote computer
  • simulate user input (clicks, taps)
  • capture screenshots
  • capture webcam picture
  • open a specific URL address

The trojan displays the following dialog box:

The trojan requires the Microsoft .NET Framework to run.
