Win32/Juasek [Threat Name]

Win32/Juasek.D [Threat Variant Name]

Category: trojan
Size: 184320 B
Aliases: Trojan.Win32.Agent.nfagkn (Kaspersky)
         Trojan.Siggen7.4102 (Dr.Web)

Short description

The trojan serves as a backdoor. It can be controlled remotely.


The trojan does not create any copies of itself.

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "winup" = "%malwarefilepath%"

The trojan executes the following commands:

  • %windir%\system32\cmd.exe REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v winup /t REG_SZ /d "%malwarefilepath%" /f
  • %comspec% /c %malwarefilepath% abc 1
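
A detection sketch for the two command lines above, added here as an example (not ESET's code): it scans process-creation command lines, flags the REG ADD that writes the "winup" Run value, and flags a "<path> abc 1" relaunch only when the same path was registered under that value. It assumes logs carry command lines with environment variables already expanded; the function names and sample lines are constructed for illustration.

```python
import re

# Run key named in the description, in either hive spelling.
RUN_KEY_RE = re.compile(r"(HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", re.I)
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

def tokens(cmdline):
    """Split a logged command line on whitespace, keeping quoted arguments whole."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]

def persistence_target(cmdline):
    """Return the /d path if this is REG ADD of value "winup" under the Run key, else None."""
    t = tokens(cmdline)
    low = [x.lower() for x in t]
    for i in range(len(t) - 2):
        if low[i] in ("reg", "reg.exe") and low[i + 1] == "add" and RUN_KEY_RE.fullmatch(t[i + 2]):
            opts = dict(zip(low[i + 3:], t[i + 4:]))  # maps each token to the token after it
            if opts.get("/v", "").lower() == "winup":
                return opts.get("/d", "")
    return None

def relaunch_target(cmdline):
    """Return the executable path if the line has the shape: cmd.exe /c <path> abc 1."""
    t = tokens(cmdline)
    if len(t) == 5 and t[0].lower().endswith("cmd.exe") and t[1].lower() == "/c" and t[3:] == ["abc", "1"]:
        return t[2]
    return None

def scan(cmdlines):
    """Return (line_no, rule, path) findings; a relaunch counts only for a registered path."""
    hits = [(n, persistence_target(c), relaunch_target(c)) for n, c in enumerate(cmdlines, 1)]
    registered = {reg.lower() for _, reg, _ in hits if reg is not None}
    findings = []
    for n, reg, run in hits:
        if reg is not None:
            findings.append((n, "run-key-winup", reg))
        elif run and run.lower() in registered:
            findings.append((n, "relaunch-abc-1", run))
    return findings

# Constructed sample command lines (not from the page); the paths are placeholders.
SAMPLE = [
    r'C:\Windows\system32\cmd.exe /c C:\Users\Public\sample.exe abc 1',
    r'C:\Windows\system32\cmd.exe REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v winup /t REG_SZ /d "C:\Users\Public\sample.exe" /f',
    r'C:\Windows\system32\cmd.exe /c C:\Tools\build.exe abc 1',
    r'reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v OneDrive /t REG_SZ /d "C:\Program Files\od.exe" /f',
]
```

The relaunch rule is deliberately tied to the registered path, because "abc 1" on its own is too generic an argument pair to alert on.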

Information stealing

The trojan collects the following information:

  • computer name
  • computer IP address

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of 3 URLs. The DNS protocol is used in the communication.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • execute shell commands
  • terminate running processes
  • send the list of disk devices and their type to a remote computer
  • upload file list
  • send requested files
  • send the list of running processes to a remote computer
  • create folders
  • delete files
