Win32/Agent.RKC [Threat Name]

Win32/Agent.RKC [Threat Variant Name]

Category: trojan
Size: 209408 B
Detection created: Jul 12, 2010
Detection database version: 5272

Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.


The trojan may create the following files:

  • %appdata%\Microsoft FxCop\Isass.exe (133120 B)
  • %appdata%\Microsoft\Internet Explorer\Users\config.txt (30 B)
  • %appdata%\Microsoft\Internet Explorer\Users\config.txt_ (30 B)
  • %startmenu%\Programs\Certificate.ico (318 B)
  • %startmenu%\Programs\Startup\Certificate Managment.lnk
  • %windir%\Temp\HLMLog.txt (1514 B)
  • %windir%\Temp\MainLog.hlm (504 B)
  • %windir%\Temp\Serverlog.txt (11323 B)

The trojan may register itself as a system service using the following name:

  • Windows Presentation Foundation Font Cache 2.0.5.2

This causes the trojan to be executed on every system start.
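
A triage check for the files and service name listed above, as an added example that is not part of the original description. The function names and the mapping of %startmenu% to the per-user Start Menu folder are assumptions; the caller supplies the list of installed service names.

```python
import os

# Artifacts as listed on this page: (base folder, relative path, size in bytes or None).
ARTIFACTS = [
    ("appdata", r"Microsoft FxCop\Isass.exe", 133120),
    ("appdata", r"Microsoft\Internet Explorer\Users\config.txt", 30),
    ("appdata", r"Microsoft\Internet Explorer\Users\config.txt_", 30),
    ("startmenu", r"Programs\Certificate.ico", 318),
    ("startmenu", r"Programs\Startup\Certificate Managment.lnk", None),
    ("windir", r"Temp\HLMLog.txt", 1514),
    ("windir", r"Temp\MainLog.hlm", 504),
    ("windir", r"Temp\Serverlog.txt", 11323),
]
SERVICE_NAME = "Windows Presentation Foundation Font Cache 2.0.5.2"


def default_bases():
    """Resolve base folders for the current user (assumed mapping, Vista and later)."""
    appdata = os.environ.get("APPDATA", "")
    return {
        "appdata": appdata,
        "startmenu": os.path.join(appdata, "Microsoft", "Windows", "Start Menu"),
        "windir": os.environ.get("WINDIR", r"C:\Windows"),
    }


def scan_files(bases):
    """Return a finding per listed file found; size_matches is None if no size is listed."""
    findings = []
    for base, rel, listed_size in ARTIFACTS:
        path = os.path.join(bases[base], *rel.split("\\"))
        if not os.path.isfile(path):
            continue
        size = os.path.getsize(path)
        findings.append({
            "path": path,
            "size": size,
            "size_matches": None if listed_size is None else size == listed_size,
        })
    return findings


def service_hits(names):
    """Return the entries of names (service or display names) equal to the listed name."""
    return [n for n in names if n.strip().lower() == SERVICE_NAME.lower()]


if __name__ == "__main__":
    print(scan_files(default_bases()))
```

A file found with a size different from the listed one is still reported, with size_matches set to False, so that it can be reviewed by hand.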

Information stealing

The trojan collects the following information:

  • user name
  • computer name

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The HTTP protocol is used in the communication.


Configuration is stored in the following file:

  • config.txt

It may perform the following actions:

  • download files from a remote computer and/or the Internet
  • run executable files
  • send files to a remote computer
  • various file system operations
