MSIL/Injector.G [Threat Name] go to Threat

MSIL/Injector.G [Threat Variant Name]

Category trojan
Size 363686 B
Aliases Trojan.MSIL.KillAV.h (Kaspersky)
  Trojan.ADH (Symantec)
  Trojan:Win32/Malagent (Microsoft)
Short description

MSIL/Injector.G is a trojan that steals sensitive information. The trojan can send the information to a remote machine.

Installation

When executed, the trojan creates the following files:

  • %system%\­explorer.exe
  • %appdata%\­explorer.exe

In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "svchost.exe" = "%system%\­explorer.exe"
  • [HKEY_LOCAL_MACHINE\­Software\­Microsoft\­Active Setup\­Installed Components]
    • "StubPath" = "%system%\­explorer.exe"
Other information

The trojan is able to log keystrokes.


The collected information is stored in the following file:

  • %system%\­explorer

The trojan attempts to send gathered information to a remote machine.


The trojan contains a list of (1) URLs.

Please enable Javascript to ensure correct displaying of this content and refresh this page.