Win32/Patpoopy [Threat Name]

Win32/Patpoopy.D [Threat Variant Name]

Category: trojan
Size: 3284992 B
Aliases: Trojan.Win64.Shelma.em (Kaspersky)
         Python.PuPy.17 (Dr.Web)

Short description

Win32/Patpoopy.D serves as a backdoor. It can be controlled remotely.


The trojan does not create any copies of itself.

Information stealing

Win32/Patpoopy.D is a trojan that steals sensitive information.

The trojan collects the following information:

  • computer name
  • user name
  • operating system version
  • computer IP address
  • MAC address

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of IP addresses (1 entry). The TCP and SSL protocols are used for the communication.

Network communication with the remote computer/server is encrypted.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • upload files to a remote computer
  • various filesystem operations
  • execute shell commands
  • send the list of running processes to a remote computer
  • terminate running processes
  • change the privileges of a running process
  • set up a proxy server
  • log keystrokes
  • capture screenshots
  • capture a webcam picture
  • perform port scanning
  • send the list of disk devices and their type to a remote computer
  • display a dialog window

The trojan may create the following files:

  • %temp%\python27.dll (2639872 B)
