Win32/TrojanDownloader.Agent.EAT [Threat Name] go to Threat

Win32/TrojanDownloader.Agent.EAT [Threat Variant Name]

Category trojan
Size 110760 B
Aliases Trojan-Dropper.Win32.Dapato.pcoa (Kaspersky)
  Trojan:Win32/Occamy.C (Microsoft)
Short description

Win32/TrojanDownloader.Agent.EAT is a trojan which tries to download other malware from the Internet.


When executed, the trojan copies itself into the following location:

  • %commonappdata%\­%variable1%.exe

In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%variable2%" = "%malwarefilepath%"
  • [HKEY_CURRENT_USER\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%variable2%" = "%malwarefilepath%"

A string with variable content is used instead of %variable1-2% .

The trojan executes the following files:

  • %malwarefilepath%

To gain administrator access rights it attempts to exploit one of the following vulnerabilities:

* Win32k Elevation of Privilege Vulnerability - CVE-2016-7255

Other information

The trojan contains a URL address.

It tries to download a file from the address.

The file is stored in the following location:

  • %temp%\­%variable%.exe

A string with variable content is used instead of %variable% .

The file is then executed. The HTTP protocol is used in the communication.

Please enable Javascript to ensure correct displaying of this content and refresh this page.