MSIL/PSW.Agent.PUU [Threat Name] go to Threat

MSIL/PSW.Agent.PUU [Threat Variant Name]

Category trojan
Size 1953792 B
Aliases Trojan-Dropper.Win32.Sysn.bjkv (Kaspersky)
  TrojanSpy:Win32/Skeeyah.A!rfn (Microsoft)
Short description

MSIL/PSW.Agent.PUU is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.


When executed, the trojan creates the following files:

  • %appdata%\­Microsoft\­ffvr.exe (10752 B, MSIL/PSW.Agent.PUU)

The following Registry entries are created:

  • [HKEY_CURRENT_USER\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "WindowsNTWindowManager" = "%appdata%\­Microsoft\­ffvr.exe"

This causes the trojan to be executed on every system start.

Information stealing

The trojan collects the following information:

  • login passwords for certain applications/services
  • login user names for certain applications/services
  • user name
  • operating system version

The goal of the malware is to persuade the user to fill in personal information.

Some examples follow.

The trojan attempts to send gathered information to a remote machine. The FTP protocol is used.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a URL address. The FTP, HTTP protocol is used.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • send gathered information

Trojan requires the Microsoft .NET Framework to run.

Please enable Javascript to ensure correct displaying of this content and refresh this page.