Win32/Agent.WMI [Threat Name] go to Threat

Win32/Agent.WMI [Threat Variant Name]

Category trojan
Size 677888 B
Detection created Oct 10, 2014
Detection database version 10541
Short description

The trojan serves as a backdoor. It can be controlled remotely. The trojan collects various information related to the operating system.


The trojan does not create any copies of itself.

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "InteI(R) Common User Interface" = "%malwarefilepath%"
Information stealing

Win32/Agent.WMI is a trojan that steals various information about the infected computer.

The following information is collected:

  • MAC address
  • installed antivirus software
  • operating system version
  • list of running processes

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a URL address. The HTTP protocol is used in the communication.

It may perform the following actions:

  • download files from a remote computer and/or the Internet
  • run executable files
  • update itself to a newer version
  • shut down/restart the computer

Please enable Javascript to ensure correct displaying of this content and refresh this page.