Threat name: Win64/Agent.ZPG

Threat variant name: Win64/Agent.ZPG

Category: trojan
Size: 12800 B
Detection created: May 23, 2018
Detection database version: 17433
Aliases: Backdoor.Win64.Agent.hnt (Kaspersky)

Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.


The trojan may create the following files:

  • %system%\appmgmts.dll
  • %system%\iscsiexe.dll
  • %localappdata%\AppUIHelper.dll

The trojan may register itself as a system service using one of the following file names:

  • AppMgmt
  • MSiSCSI

This causes the trojan to be executed on every system start.

Information stealing

Win64/Agent.ZPG is a trojan that steals sensitive information.


The trojan collects the following information:

  • CPU information
  • amount of operating memory
  • video controller type
  • operating system version
  • computer name
  • the path to specific folders
  • list of files/folders on a specific drive
  • list of disk devices and their type
  • malware version

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of 2 URLs. It communicates over the TCP protocol.


It can execute the following operations:

  • run executable files
  • download files from a remote computer and/or the Internet
  • send requested files
  • delete files
  • update itself to a newer version

The trojan may create the following files:

  • %temp%\calc.exe
  • %temp%\fm64.tmp

The trojan may delete the following files:

  • %system%\dllcache\appmgmts.dll
  • %temp%\fm64.tmp
