MSIL/Spy.Agent.AHL [Threat Name]
MSIL/Spy.Agent.AHL [Threat Variant Name]
Category | trojan
Size | 144384 B
Detection created | Aug 26, 2015
Detection database version | 12158
Aliases | Trojan.MSIL.Agent.abdsg (Kaspersky), Trojan:Win32/MultiInjector.A!rfn (Microsoft), Trojan.DownLoader15.63031 (Dr.Web)
Short description
MSIL/Spy.Agent.AHL is a trojan that steals passwords and other sensitive information. The trojan attempts to send gathered information to a remote machine.
Installation
When executed, the trojan copies itself into the following location:
- %startup%\%malwarefilename%
This causes the trojan to be executed on every system start.
The trojan creates the following files:
- %appdata%\%malwarefilename%.il
The trojan executes the following commands:
- %systemdrive%\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe "%appdata%\%malwarefilename%.il"
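A detection check for the installation behaviour above, added here as an example and not part of the original description: it flags process-creation records where ilasm.exe assembles a .il file located under a user's %appdata% path. The record fields (Image, CommandLine, ParentImage) are modelled on Sysmon process-creation events; the severity labels, user names and file names are constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

# %appdata% usually expands to C:\Users\<name>\AppData\Roaming (Vista and later)
APPDATA_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\", re.I)
# Per-user Startup folder, the %startup% location named above
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\[^\\]+$", re.I)
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokens(command_line):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(command_line)]


def classify(event):
    """Return None, 'suspicious' or 'high' for one process-creation record."""
    if basename(event["Image"]).lower() != "ilasm.exe":
        return None
    il_args = [a for a in tokens(event["CommandLine"])
               if a.lower().endswith(".il") and APPDATA_RE.match(a)]
    if not il_args:
        return None  # e.g. a developer assembling IL from a source tree
    # Assumption: a parent launched from the Startup folder is the persisted copy
    if STARTUP_RE.search(event.get("ParentImage", "")):
        return "high"
    return "suspicious"


ILASM = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe"
STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
DROPPED = r'"C:\Users\alice\AppData\Roaming\invoice.exe.il"'

# Constructed sample records, not taken from a real incident
SAMPLE_EVENTS = [
    {"Image": ILASM, "CommandLine": ILASM + " " + DROPPED,
     "ParentImage": STARTUP + r"\invoice.exe"},
    {"Image": ILASM, "CommandLine": ILASM + " " + DROPPED,
     "ParentImage": r"C:\Users\alice\Downloads\invoice.exe"},
    {"Image": ILASM, "CommandLine": ILASM + r" D:\src\demo\hello.il",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe",
     "CommandLine": r"csc.exe D:\src\demo\hello.cs",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for number, event in enumerate(SAMPLE_EVENTS, 1):
        print(number, classify(event))
```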
Information stealing
The trojan collects the following information:
- computer name
- operating system version
- information about the operating system and system settings
- memory status
- video controller type
- CPU information
- screenshots
- data from the clipboard
- login user names for certain applications/services
- login passwords for certain applications/services
The following programs are affected:
- DynDNS
- FileZilla
- FTP Commander
- Google Chrome
- Internet Explorer
- JDownloader
- Mozilla Firefox
- Opera
The trojan is able to log keystrokes.
The trojan attempts to send the gathered information to a remote machine by e-mail, using the SMTP protocol.