Win32/Agent.PWG [Threat Name] go to Threat
Win32/Agent.PWG [Threat Variant Name]
Category | trojan |
Size | 12800 B |
Aliases | VirTool:Win32/Obfuscator.UO (Microsoft) |
Short description
The trojan has a simple payload. The trojan is usually a part of other malware.
Installation
The trojan does not create any copies of itself.
Other information
The trojan may set the following Registry entries:
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- "AppInit_DLLs" = "%originalvalue%, %variable%"
This way the trojan ensures that the libraries with the following names will be injected into all running processes:
- %variable%
A string loaded from %allusersprofile%\desktop.ini is used instead of %variable% .
The trojan quits immediately if the executable file path contains one of the following strings:
- explorer.exe
- logonui.exe
- lsass.exe
- st.exe
- system32
- taskeng.exe
- windows
- winlogon.exe