Win32/Heloag [Threat Name] go to Threat

Win32/Heloag.AA [Threat Variant Name]

Category trojan
Size 15360 B
Aliases HackTool.Win32.SQLInject.ct (Kaspersky)
  Backdoor:Win32/Heloag.A (Microsoft)
  Trojan.DownLoad1.61947 (Dr.Web)
Short description

The trojan serves as a backdoor. It can be controlled remotely. The file is run-time compressed using ASPack .


The trojan does not create any copies of itself.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of (2) URLs. The HTTP protocol is used.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • perform DoS/DDoS attacks

The trojan collects the following information:

  • computer name

The trojan can send the information to a remote machine.

The trojan may create the following files:

  • %temp%\­%variable%.htm
  • %temp%\­%variable%.exe

A string with variable content is used instead of %variable% .

Please enable Javascript to ensure correct displaying of this content and refresh this page.