MSIL/TrojanDropper.Agent.BE [Threat Name] go to Threat

MSIL/TrojanDropper.Agent.BE [Threat Variant Name]

Category trojan
Size 186980 B
Aliases Trojan-Spy.Win32.Zbot.ajlh (Kaspersky)
  PWS:Win32/Zbot (Microsoft)
Short description

MSIL/TrojanDropper.Agent.BE is a trojan that installs Win32/Spy.Zbot.JF malware.

Installation

When executed, the trojan creates the following files:

  • %appdata%\­%variable%.exe (Win32/Spy.Zbot.JF)

A string with variable content is used instead of %variable% .


The file is then executed.


The trojan may create and run a new thread with its own program code within any running process.

Other information

The trojan quits immediately if the computer name is one of the following:

  • ComputerName
  • COMPUTERNAME
  • DELL-D3E62F7E26
  • DWI-9625AC2E275
  • MICHAEL-F156CF7

The trojan quits immediately if the Windows user name is one of the following:

  • currentuser
  • honey
  • sandbox
  • User
  • UserName

The trojan quits immediately if any of the following applications is detected:

  • Sandboxie
  • VMware

Please enable Javascript to ensure correct displaying of this content and refresh this page.