MSIL/Injector.G [Threat Name]
MSIL/Injector.G [Threat Variant Name]
Category | trojan |
Size | 363686 B |
Aliases | Trojan.MSIL.KillAV.h (Kaspersky) |
 | Trojan.ADH (Symantec) |
 | Trojan:Win32/Malagent (Microsoft) |
Short description
MSIL/Injector.G is a trojan that steals sensitive information. The trojan can send the information to a remote machine.
Installation
When executed, the trojan creates the following files:
- %system%\explorer.exe
- %appdata%\explorer.exe
In order to be executed on every system start, the trojan sets the following Registry entries:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  - "svchost.exe" = "%system%\explorer.exe"
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components]
  - "StubPath" = "%system%\explorer.exe"
Other information
The trojan is able to log keystrokes.
The collected information is stored in the following file:
- %system%\explorer
The trojan attempts to send gathered information to a remote machine.
The trojan contains a list of URLs (1 entry).
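A read-only host check for the file and registry artifacts listed under Installation and Other information, added here as an example and not part of the original description. It assumes %system% is the Windows system directory, %appdata% is each profile's AppData\Roaming under the default Users folder, and it also reads the WOW6432Node registry view, which the page does not name.

```powershell
# Added example: read-only triage for the artifacts listed on this page.
# Assumptions: %system% is the Windows system directory, %appdata% is each
# profile's AppData\Roaming, and profiles live under <SystemDrive>\Users.
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    throw 'Run from 64-bit PowerShell: a 32-bit host is redirected to SysWOW64, which holds a genuine explorer.exe.'
}
$sysDir   = [Environment]::SystemDirectory
$dropped  = Join-Path $sysDir 'explorer.exe'
$findings = @()

# Files: the genuine explorer.exe lives in %windir%, not in %system%.
$paths  = @($dropped, (Join-Path $sysDir 'explorer'))   # second entry: keystroke log
$paths += Get-ChildItem (Join-Path $env:SystemDrive 'Users') -Directory -Force -ErrorAction SilentlyContinue |
          ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\explorer.exe' }
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $f = Get-Item -LiteralPath $p -Force
        $findings += [pscustomobject]@{ Type = 'File'; Location = $p
            Detail = "$($f.Length) bytes, written $($f.LastWriteTimeUtc.ToString('u'))" }
    }
}

# Registry: both views are read; WOW6432Node is an addition not named on the page.
$pattern = [regex]::Escape($dropped)
foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    $run = Join-Path $root 'Microsoft\Windows\CurrentVersion\Run'
    $val = (Get-ItemProperty -Path $run -Name 'svchost.exe' -ErrorAction SilentlyContinue).'svchost.exe'
    if ($val) {
        $findings += [pscustomobject]@{ Type = 'Run value'; Location = "$run\svchost.exe"; Detail = $val }
    }

    # The page gives no component subkey, so the key and every subkey are inspected.
    $as   = Join-Path $root 'Microsoft\Active Setup\Installed Components'
    $keys = @(Get-Item -Path $as -ErrorAction SilentlyContinue) +
            @(Get-ChildItem -Path $as -ErrorAction SilentlyContinue)
    foreach ($k in $keys) {
        $stub = [string]$k.GetValue('StubPath')
        if ($stub -match $pattern) {
            $findings += [pscustomobject]@{ Type = 'StubPath'; Location = $k.Name; Detail = $stub }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed artifacts found.' }
```

Run it from an elevated session so that other users' profile folders are readable.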