MSIL/Spy.Agent.AHL [Threat Name]

MSIL/Spy.Agent.AHL [Threat Variant Name]

Category: trojan
Size: 144384 B
Detection created: Aug 26, 2015
Detection database version: 12158
Aliases: Trojan.MSIL.Agent.abdsg (Kaspersky)
  Trojan:Win32/MultiInjector.A!rfn (Microsoft)
  Trojan.DownLoader15.63031 (Dr.Web)

Short description

MSIL/Spy.Agent.AHL is a trojan that steals passwords and other sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan copies itself into the following location:

  • %startup%\%malwarefilename%

This causes the trojan to be executed on every system start.


The trojan creates the following files:

  • %appdata%\%malwarefilename%.il

The trojan executes the following commands:

  • %systemdrive%\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe "%appdata%\%malwarefilename%.il"
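
The installation behaviour above can be hunted for in endpoint telemetry. The following detection sketch is an added example, not part of the original description: it flags ilasm.exe assembling a .il file located directly in %appdata% and raises the severity when a file of the same name (minus ".il") was dropped in the Startup folder on the same host. The event field names, the sample events, and the assumption that %appdata% resolves to C:\Users\<user>\AppData\Roaming are hypothetical.

```python
import ntpath
import re

# Patterns derived from the paths in the description; the %appdata% and
# %startup% expansions assume the default Windows Vista+ profile layout.
IL_ARG = re.compile(r'"([^"]+\.il)"|(\S+\.il)(?=\s|$)', re.I)
APPDATA_IL = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\[^\\]+\.il$', re.I)
STARTUP = re.compile(r'\\start menu\\programs\\startup\\[^\\]+$', re.I)

# Constructed sample events (hypothetical schema, not taken from the page).
EVENTS = [
    {"type": "file_create", "host": "pc1",
     "path": r"C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\invoice.exe"},
    {"type": "file_create", "host": "pc1",
     "path": r"C:\Users\al\AppData\Roaming\invoice.exe.il"},
    {"type": "process_create", "host": "pc1",
     "image": r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe",
     "cmdline": r'C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe "C:\Users\al\AppData\Roaming\invoice.exe.il"'},
    # Benign: a developer assembling IL from a project directory.
    {"type": "process_create", "host": "pc2",
     "image": r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe",
     "cmdline": r'ilasm.exe "D:\src\demo\hello.il" /exe'},
]

def detect(events):
    """Return (host, il_path, severity) for ilasm.exe runs on %appdata% .il files."""
    dropped = {}  # host -> lowercase names of files created in a Startup folder
    for e in events:
        if e["type"] == "file_create" and STARTUP.search(e["path"]):
            dropped.setdefault(e["host"], set()).add(ntpath.basename(e["path"]).lower())
    alerts = []
    for e in events:
        if e["type"] != "process_create" or \
                ntpath.basename(e["image"]).lower() != "ilasm.exe":
            continue
        for m in IL_ARG.finditer(e["cmdline"]):
            il_path = m.group(1) or m.group(2)
            if not APPDATA_IL.match(il_path):
                continue
            # Assumption: the Startup copy is named like the .il file minus ".il".
            stem = ntpath.basename(il_path)[:-3].lower()
            sev = "high" if stem in dropped.get(e["host"], set()) else "medium"
            alerts.append((e["host"], il_path, sev))
    return alerts
```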

Information stealing

The trojan collects the following information:

  • computer name
  • operating system version
  • information about the operating system and system settings
  • memory status
  • video controller type
  • CPU information
  • screenshots
  • data from the clipboard
  • login user names for certain applications/services
  • login passwords for certain applications/services

The following programs are affected:

  • DynDNS
  • FileZilla
  • FTP Commander
  • Google Chrome
  • Internet Explorer
  • JDownloader
  • Mozilla Firefox
  • Opera

The trojan is able to log keystrokes.


The trojan attempts to send gathered information to a remote machine.


The trojan sends the information via e-mail. The SMTP protocol is used.
