Win32/Spy.Buhtrap [Threat Name]
Win32/Spy.Buhtrap.AB [Threat Variant Name]
Category | trojan |
Size | 138824 B |
Aliases | Trojan-Spy.Win32.Agent.jrop (Kaspersky) |
Short description
The trojan serves as a backdoor. It can be controlled remotely.
Installation
The trojan does not create any copies of itself.
The trojan is usually a part of other malware.
Information stealing
Win32/Spy.Buhtrap.AB is a trojan that steals sensitive information.
The trojan collects the following information:
- computer name
- information about the operating system and system settings
- hardware information
- data from the clipboard
- screenshots
- locale settings
- language settings
- personal smart card information
The collected information is stored in the following files:
- %appdata%\ntuser.dat
- %appdata%\adobe\system.log
The trojan can send gathered information to a remote machine.
Other information
The trojan serves as a backdoor. It can be controlled remotely.
It can execute the following operations:
- log keystrokes
- download files from a remote computer and/or the Internet
- run executable files
The trojan contains a URL.
It tries to download a file from that URL.
The file is stored in the following location:
- %temp%\%variable%
The file is then executed. The HTTP protocol is used in the communication.
A string with variable content is used instead of %variable%.