Win32/Boaxxe [Threat Name] go to Threat

Win32/Boaxxe.BL [Threat Variant Name]

Category trojan
Size 108345 B
Aliases Trojan.Win32.Inject.mtvr (Kaspersky)
  VirTool:Win32/CeeInject.gen!KK (Microsoft)
  TR/Crypt.Xpack.6694 (Avira)
Short description

Win32/Boaxxe.BL is a trojan which tries to download other malware from the Internet. The trojan is usually a part of other malware.


The trojan does not create any copies of itself.

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%variable%" = "%malwarefilepath%"

A string with variable content is used instead of %variable% .

Information stealing

Win32/Boaxxe.BL is a trojan that steals sensitive information.

The trojan collects the following information:

  • hardware information
  • information about the operating system and system settings
  • list of running processes
  • list of disk devices and their type
  • CPU information
  • network adapter information

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of (4) URLs. The HTTP protocol is used.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • create Registry entries
  • update itself to a newer version

Please enable Javascript to ensure correct displaying of this content and refresh this page.