Win32/TrojanDropper.Agent.PQT [Threat Name] go to Threat

Win32/TrojanDropper.Agent.PQT [Threat Variant Name]

Category trojan
Size 451584 B
Aliases Trojan.Win32.Scar.fhql (Kaspersky)
  Backdoor:Win32/Moudoor.A (Microsoft)
  GenericDropper!1lh.trojan (McAfee)
Short description

Win32/TrojanDropper.Agent.PQT is a trojan that installs Win32/Farfli.IR malware.

Installation

When executed, the trojan copies itself into the following location:

  • %temp%\­%variable1%

The trojan creates the following files:

  • %temp%\­w7e%variable2%.tmp (41984 B)
  • %temp%\­w7e2%variable3%.tmp (99328 B, Win32\­Farfli.IR)

A string with variable content is used instead of %variable1-3% .


The trojan executes the following files:

  • %temp%\­w7e2%variable3%.tmp

After the installation is complete, the trojan deletes the original executable file.

Other information

The trojan creates and runs a new thread with its own program code within the following processes:

  • explorer.exe

The following files are deleted:

  • %temp%\­w7e%variable2%.tmp

Please enable Javascript to ensure correct displaying of this content and refresh this page.