Win32/Akuan [Threat Name] go to Threat

Win32/Akuan.A [Threat Variant Name]

Category trojan
Size 278016 B
Detection created Jan 29, 2003
Signature database version 1353
Aliases Trojan.Win32.Akuan (Kaspersky)
  Trojan:Win32/Akuan (Microsoft)
  potentially.unwanted.program.KeyLog-Akuan (McAfee)
Short description

Win32/Akuan.A is a trojan that steals sensitive information. The trojan can send the information to a remote machine.

Installation

When executed, the trojan creates the following files:

  • %windir%\­system\­svr.exe (278016 B)
  • %windir%\­system\­__gdi.dll (66048 B)

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "gdi" = "%windir%\­system\­svr.exe"
Information stealing

The trojan collects the following information:

  • user name
  • computer name

The trojan is able to log keystrokes.


The trojan sends the information via e-mail.

Other information

The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­akuan]
    • "filenametolog" = "%variable1%"
    • "sendif" = "%variable2%"
    • "mailtosend" = "%variable3%"
    • "sendaftersize" = "%variable4%"
    • "sendafterday" = "%variable5%"
    • "lastsenddate" = "%variable6%"

A string with variable content is used instead of %variable1-6% .


The trojan contains a list of (1) URLs.


It opens these using the Internet Explorer .

Please enable Javascript to ensure correct displaying of this content and refresh this page.