Win32/Flyagent [Threat Name] go to Threat

Win32/Flyagent.NGX [Threat Variant Name]

Category trojan
Size 1531904 B
Detection created Jun 02, 2016
Detection database version 13587
Aliases Trojan:W32/DelfInject.R (F-Secure)
Short description

The trojan serves as a backdoor. It can be controlled remotely.


The trojan is usually bundled within installation packages of various legitimate software.

The trojan may create copies of itself using the following filenames:

  • C:\­360Micn.exe

In order to be executed on system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "yckhd" = "C:\­360Micn.exe"
Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a URL address. The HTTP protocol is used in the communication.

It may perform the following actions:

  • log keystrokes
  • block keyboard and mouse input
  • simulate user's input (clicks, taps)
  • simulate mouse activity
  • download files from a remote computer and/or the Internet
  • upload files to a remote computer
  • capture screenshots
  • capture webcam video/voice
  • hide taskbar
  • show/hide application windows
  • visit a specific website
  • send the list of running processes to a remote computer
  • start/stop services
  • run executable files
  • terminate running processes
  • create Registry entries
  • delete Registry entries
  • various filesystem operations
  • shut down/restart the computer
  • steal information from the Windows clipboard
  • collect information about the operating system used
  • send gathered information

Please enable Javascript to ensure correct displaying of this content and refresh this page.