Win32/USBStealer [Threat Name]

Win32/USBStealer.A [Threat Variant Name]

Category trojan
Size 49664 B

Short description

The trojan serves as a backdoor. It can be controlled remotely.


When executed, the trojan copies itself into the following location:

  • C:\windows\system32\USBGuard.exe

The trojan registers itself as a system service using the following name:

  • USBGuard

The trojan may set the following Registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "USBGuard" = "%malwarefilepath%"

This causes the trojan to be executed on every system start.
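The installation traces listed above can be checked on a host with a short sweep. This is an added example, not part of the original description or vendor tooling. It assumes an elevated PowerShell session, adds the SysWOW64 path as an assumption (32-bit file writes to system32 are redirected there on 64-bit Windows), and reads the Run key from every loaded user hive, because HKEY_CURRENT_USER only reflects the account running the check.

```powershell
# Indicators as listed on this page.
$serviceName = 'USBGuard'
$runValue    = 'USBGuard'
$runSubKey   = 'Software\Microsoft\Windows\CurrentVersion\Run'
$filePaths   = @(
    'C:\windows\system32\USBGuard.exe',
    # Assumption (not on the page): WOW64 redirects 32-bit writes to SysWOW64.
    'C:\windows\SysWOW64\USBGuard.exe'
)
$findings = @()

# 1. Dropped copy of the executable.
foreach ($path in $filePaths) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $file = Get-Item -LiteralPath $path -Force
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Indicator = 'File'; Location = $path
            Detail    = "size=$($file.Length) B sha256=$hash"
        }
    }
}

# 2. Service registered under the listed name.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'" -ErrorAction SilentlyContinue
if ($svc) {
    $findings += [pscustomobject]@{
        Indicator = 'Service'; Location = $svc.Name
        Detail    = "state=$($svc.State) path=$($svc.PathName)"
    }
}

# 3. Run value in every loaded user hive (HKCU only covers the caller).
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    if ($hive.PSChildName -like '*_Classes') { continue }
    $key  = "Registry::HKEY_USERS\$($hive.PSChildName)\$runSubKey"
    $prop = Get-ItemProperty -Path $key -Name $runValue -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += [pscustomobject]@{
            Indicator = 'RunKey'; Location = $key
            Detail    = "value=$($prop.$runValue)"
        }
    }
}

if ($findings) { $findings | Format-List }
else { Write-Output 'No USBGuard indicators from this page were found.' }
```

A name match alone is not a verdict: compare the reported file size with the 49664 B given above and confirm that the service path and the Run value point at the same file before treating the host as affected.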

Information stealing

The trojan collects the following information:

  • information about the operating system and system settings

Other information

The trojan acquires data and commands from files with specific content.

It can execute the following operations:

  • run executable files
  • copy files
  • create folders
  • delete files

For further information follow the links below:

* Sednit Espionage Group Attacking Air-Gapped Networks
