Win32/Boaxxe [Threat Name] go to Threat
Win32/Boaxxe.BL [Threat Variant Name]
| Category | trojan |
| Size | 108345 B |
| Aliases | Trojan.Win32.Inject.mtvr (Kaspersky) |
| VirTool:Win32/CeeInject.gen!KK (Microsoft) | |
| TR/Crypt.Xpack.6694 (Avira) |
Short description
Win32/Boaxxe.BL is a trojan which tries to download other malware from the Internet. The trojan is usually a part of other malware.
Installation
The trojan does not create any copies of itself.
In order to be executed on every system start, the trojan sets the following Registry entry:
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "%variable%" = "%malwarefilepath%"
A string with variable content is used instead of %variable% .
Information stealing
Win32/Boaxxe.BL is a trojan that steals sensitive information.
The trojan collects the following information:
- hardware information
- information about the operating system and system settings
- list of running processes
- list of disk devices and their type
- CPU information
- network adapter information
The trojan attempts to send gathered information to a remote machine.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of (4) URLs. The HTTP protocol is used.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- run executable files
- create Registry entries
- update itself to a newer version