Win32/Akuan [Threat Name] go to Threat
Win32/Akuan.A [Threat Variant Name]
| Category | trojan |
| Size | 278016 B |
| Aliases | Trojan.Win32.Akuan (Kaspersky) |
| Trojan:Win32/Akuan (Microsoft) | |
| potentially.unwanted.program.KeyLog-Akuan (McAfee) |
Short description
Win32/Akuan.A is a trojan that steals sensitive information. The trojan can send the information to a remote machine.
Installation
When executed, the trojan creates the following files:
- %windir%\system\svr.exe (278016 B)
- %windir%\system\__gdi.dll (66048 B)
In order to be executed on every system start, the trojan sets the following Registry entry:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "gdi" = "%windir%\system\svr.exe"
Information stealing
The trojan collects the following information:
- user name
- computer name
The trojan is able to log keystrokes.
The trojan sends the information via e-mail.
Other information
The trojan may set the following Registry entries:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\akuan]
- "filenametolog" = "%variable1%"
- "sendif" = "%variable2%"
- "mailtosend" = "%variable3%"
- "sendaftersize" = "%variable4%"
- "sendafterday" = "%variable5%"
- "lastsenddate" = "%variable6%"
A string with variable content is used instead of %variable1-6% .
The trojan contains a list of (1) URLs.
It opens these using the Internet Explorer .