Win32/Wisp [Threat Name] go to Threat

Win32/Wisp.AB [Threat Variant Name]

Category trojan
Size 6656 B
Detection created Dec 30, 2014
Detection database version 10945
Short description

The trojan has a simple payload.


The trojan does not create any copies of itself.

The trojan is probably a part of other malware.

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "msconfig" = "%malwarefolder%\­nwxsy.exe -startup"

The trojan tries to load and inject the nwxsy.dll library into the following processes:

  • explorer.exe
  • outlook.exe
  • firefox.exe
  • chrome.exe
Other information

The trojan terminates its execution if it detects that it's running in a specific virtual environment.

Please enable Javascript to ensure correct displaying of this content and refresh this page.