Home / malwarePDF  

TrojanDownloader:Win32/Agent.QE


First posted on 25 August 2019.
Source: Microsoft

Aliases :

TrojanDownloader:Win32/Agent.QE is also known as Trojan.DownLoad2.13890, W32/Downloader.DMPQ.

Explanation :

TrojanDownloader:Win32/Agent.QE is a detection for software that downloads other programs from a pre-specified server. Win32/Agent.QE also communicates other data to a remote server. InstallationTrojanDownloader:Win32/Agent.QE is commonly distributed as a Nullsoft installation executable with the following file icon: 

 When run, it drops various files, or downloads arbitrary files, into the Temporary files folder as in the following example: 

 These downloaded programs may then launch the web browser to numerous sites, consecutively, to display offers for various products: 

 

 Message windows are displayed, sometimes in the Windows system tray: 

 TrojanDownloader:Win32/Agent.QE communicates with a remote server using a server-side script. Several variants of Agent:QE connect to a script named "trackstats.php".  Analysis by Francis Allan Tan Seng

Last update 25 August 2019

 

TOP