
Trojan.Clicker.Agent.NP


First posted on 21 November 2011.
Source: BitDefender

Aliases :

There are no other names known for Trojan.Clicker.Agent.NP.

Explanation :

The trojan obtains a unique UUID for the computer on which it executes and sends it as a string, using the GET method, to a PHP script located on an internet server. It creates a URL like this:
http://65.243.x.x/trafc-2/rfe.php?cmp=tekcookon&uid=[obtained UUID]&version=1.0&lid=[first/third]

After that, the trojan deletes itself using the command interpreter obtained from the COMSPEC environment variable, executing the command "del [virus_pathname]", so the user may observe one more process, named "cmd.exe", created by the trojan.
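
The two behaviours described above can be checked for in proxy logs and process-creation telemetry. The following is an added example, not part of the original BitDefender description: the event field names (image, parent_image, command_line), the "/c" switch, the textual UUID format and all sample data are assumptions constructed for illustration.

```python
import re
import uuid
from urllib.parse import urlsplit, parse_qs

BEACON_KEYS = {"cmp", "uid", "version", "lid"}  # parameter names from the URL above

def is_beacon_url(url):
    """True if url has the shape of the check-in request described above."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/rfe.php"):
        return False
    query = parse_qs(parts.query, keep_blank_values=True)
    if not BEACON_KEYS <= set(query) or query["lid"][0] not in ("first", "third"):
        return False
    try:
        uuid.UUID(query["uid"][0])  # assumption: uid is a textual UUID
    except ValueError:
        return False
    return True

def is_self_delete(event):
    """True if a process started cmd.exe to "del" that process's own image."""
    child = event["image"].lower().rsplit("\\", 1)[-1]
    cmdline = event["command_line"].lower()
    return (child == "cmd.exe"
            and re.search(r"\bdel\b", cmdline) is not None
            and event["parent_image"].lower() in cmdline)

# Constructed samples; 192.0.2.10 is a documentation address, not an indicator.
UID = "3f2504e0-4f89-11d3-9a0c-0305e82c3301"
PROXY_LOG = [
    f"http://192.0.2.10/trafc-2/rfe.php?cmp=tekcookon&uid={UID}&version=1.0&lid=first",
    f"http://192.0.2.10/index.php?uid={UID}",
    "http://192.0.2.10/trafc-2/rfe.php?cmp=tekcookon&uid=none&version=1.0&lid=third",
]
PROC_EVENTS = [
    {"image": r"C:\Windows\System32\cmd.exe", "parent_image": r"C:\Temp\a.exe",
     "command_line": r'C:\Windows\System32\cmd.exe /c del "C:\Temp\a.exe"'},
    {"image": r"C:\Windows\System32\cmd.exe", "parent_image": r"C:\Tools\make.exe",
     "command_line": r"cmd.exe /c del C:\Temp\build.log"},
]

def scan():
    """Return (matching URLs, matching process events) from the samples."""
    return ([u for u in PROXY_LOG if is_beacon_url(u)],
            [e for e in PROC_EVENTS if is_self_delete(e)])

if __name__ == "__main__":
    print(scan())
```

The self-delete check keys on the parent's own image path appearing in the "del" command line, so an ordinary cmd.exe cleanup of an unrelated file does not match.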

Last update 21 November 2011

 
