MSIL/IRPlan [Threat Name] go to Threat

MSIL/IRPlan.A [Threat Variant Name]

Category trojan
Size 289792 B
Aliases Trojan.MSIL.Agent.euhu (Kaspersky)
  Trojan.PWS.Stealer.13085 (Dr.Web)
Short description

MSIL/IRPlan.A is a trojan that steals passwords and other sensitive information.


The trojan does not create any copies of itself.

Information stealing

The trojan collects the following information:

  • volume serial number
  • CPU information
  • hardware information
  • MAC address
  • login user names for certain applications/services
  • login passwords for certain applications/services
  • credit card information

The collected information is stored in the following files:

  • %appdata%\­winmmac32.dll
  • %appdata%\­winmmbkac32.dll
  • %windir%\­System32\­winspsys.dll
  • %windir%\­msregsys.dll
  • %windir%\­SysWOW64\­msregsys.dll
  • %windir%\­roootwin064.dll
  • %windir%\­SysWOW64\­roootwin064.dll
Other information

The trojan contains a URL address.

It tries to download a file from the address.

The file is stored in the following location:

  • %startup%\­Update.exe

The file is then executed.

Please enable Javascript to ensure correct displaying of this content and refresh this page.