Win32/Lypserat [Threat Name]

Win32/Lypserat.A [Threat Variant Name]

Category trojan
Size 225002 B
Aliases Trojan.Win32.Buzus.coro (Kaspersky)
  VirTool:Win32/VBInject.gen!CI (Microsoft)
  BackDoor.Poison.1021 (Dr.Web)
Short description

The trojan contains a backdoor. It can be controlled remotely.

Installation

When executed, the trojan copies itself into one of the following locations:

  • %windir%\apocalyps32.exe
  • %appdata%\apocalyps32.exe

In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "apocalyps32" = "%windir%\apocalyps32.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "apocalyps32" = "%appdata%\apocalyps32.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    • "UserInit" = "%system%\userinit.exe,%windir%\apocalyps32.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{327PPTME-67W3-W76L-5RW3-020E3H1XM1PU}]
    • "StubPath" = "%windir%\apocalyps32.exe"

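The persistence points listed above can be checked on a suspect host with the following PowerShell. This is an added triage example, not code from the original entry; the file name and value name are taken from the entry, while the function name, the output shape and the assumption that a clean UserInit value contains only "<system32>\userinit.exe," are this example's own.

```powershell
# Added example (not part of the original entry): enumerate the persistence
# points this entry describes. Run from an elevated PowerShell session.
# Indicator strings come from the entry; names and output layout are assumed.

$indicatorFile  = 'apocalyps32.exe'
$indicatorValue = 'apocalyps32'

function Test-LypseratPersistence {
    $findings = @()

    # 1. Dropped copies in %windir% and %appdata%
    foreach ($dir in @($env:windir, $env:APPDATA)) {
        $path = Join-Path $dir $indicatorFile
        if (Test-Path -LiteralPath $path) {
            $size = (Get-Item -LiteralPath $path).Length
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Value = "$size bytes" }
        }
    }

    # 2. Run keys in HKLM and HKCU (native registry view only; on 64-bit
    #    Windows a 32-bit process may also land under WOW6432Node)
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -Name $indicatorValue -ErrorAction SilentlyContinue
        if ($props) {
            $findings += [pscustomobject]@{ Type = 'Run'; Location = $key; Value = $props.$indicatorValue }
        }
    }

    # 3. Winlogon UserInit. A clean value is "<system32>\userinit.exe," (note
    #    the trailing comma); any extra comma-separated entry is worth a look,
    #    whatever its file name, because this is a common hijack point.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $userInit = (Get-ItemProperty -Path $winlogon -Name UserInit -ErrorAction SilentlyContinue).UserInit
    if ($userInit) {
        $expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
        $entries  = $userInit.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }
        $extra    = $entries | Where-Object { $_ -ne $expected }   # -ne is case-insensitive
        if ($extra) {
            $findings += [pscustomobject]@{ Type = 'UserInit'; Location = $winlogon; Value = $userInit }
        }
    }

    # 4. Active Setup. Match on the StubPath contents rather than on the
    #    subkey name, so the check does not depend on the exact key used.
    $activeSetup = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
    foreach ($sub in (Get-ChildItem -Path $activeSetup -ErrorAction SilentlyContinue)) {
        $stub = (Get-ItemProperty -Path $sub.PSPath -Name StubPath -ErrorAction SilentlyContinue).StubPath
        if ($stub -and $stub -like "*$indicatorFile*") {
            $findings += [pscustomobject]@{ Type = 'ActiveSetup'; Location = $sub.PSPath; Value = $stub }
        }
    }

    return $findings
}

Test-LypseratPersistence | Format-Table -AutoSize
```

An empty table means none of the listed indicators were found in the native registry view; it does not prove the host is clean, since the same component may be registered under WOW6432Node or under another name. Treat a UserInit hit as the most urgent one: the value runs for every interactive logon, and removing the appended entry must leave "<system32>\userinit.exe," intact or logons will break.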
Information stealing

The trojan collects the following information:

  • user name
  • computer name
  • CPU information
  • operating system version
  • the path to specific folders
  • Registry entries

The trojan can send the information to a remote machine.

Other information

The trojan receives data and instructions for further action from the Internet or another remote computer within its own network (botnet). It may perform the following actions:

  • log keystrokes
  • delete cookies
  • create files
  • run executable files
  • create folders
  • delete folders
  • create Registry entries
  • delete Registry entries
  • send the list of running processes to a remote computer
  • send files to a remote computer
  • send the list of disk devices and their type to a remote computer
  • capture webcam video/voice
  • shut down/restart the computer
  • steal information from the Windows clipboard
  • capture screenshots
  • send open TCP and UDP port numbers to a remote computer
  • download files from a remote computer and/or the Internet
