Win32/Agent.ZNG [Threat Name]

Win32/Agent.ZNG [Threat Variant Name]

Category: trojan
Size: 364032 B
Detection created: Mar 13, 2018
Detection database version: 17049
Aliases: Trojan:Win32/Occamy.C (Microsoft)

Short description

Win32/Agent.ZNG is a trojan that can interfere with the operation of certain applications.

Installation

When executed, the trojan copies itself into the following location:

  • C:\ProgramData\Microsoft Services\lsm.exe

The trojan schedules a task that causes the following file to be executed repeatedly:

  • C:\ProgramData\Microsoft Services\lsm.exe

The trojan executes the following command:

  • SCHTASKS.exe /Create /TN "Microsoft LocalManager" /ri 1 /st 00:00 /du 9999:59 /sc daily /f /TR\""C:\ProgramData\Microsoft Services\lsm.exe\""
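
The persistence described above can be hunted for in process-creation logs. The following Python check is an added example, not part of the original description or the vendor's detection logic; the system-binary name list, the writable-directory list, the five-minute threshold and the sample command lines are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumptions for illustration (not from the page): binary names expected only
# in System32, directories writable by standard users, and the repeat threshold.
SYSTEM_NAMES = {"lsm.exe", "lsass.exe", "svchost.exe", "services.exe", "csrss.exe"}
WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
MAX_REPEAT_MINUTES = 5

SWITCH = re.compile(r'/(tn|ri|sc)\s+("[^"]*"|\S+)', re.I)
# Skips any quoting or escaping after /TR and stops at the first ".exe".
TARGET = re.compile(r'/tr\W*?([a-z]:\\[^"]+?\.exe)', re.I)

def parse_create(cmdline):
    """Return the switches of a 'schtasks /Create' command line, or None."""
    if not re.search(r'\bschtasks(\.exe)?\b.*?/create\b', cmdline, re.I):
        return None
    task = {k.lower(): v.strip('"') for k, v in SWITCH.findall(cmdline)}
    match = TARGET.search(cmdline)
    task["tr"] = match.group(1) if match else None
    return task

def findings(cmdline):
    """List the ways a task-creation command resembles the pattern above."""
    task = parse_create(cmdline)
    if task is None or not task["tr"]:
        return []
    target = PureWindowsPath(task["tr"])
    full = str(target).lower()
    reasons = []
    if task.get("ri", "").isdigit() and int(task["ri"]) <= MAX_REPEAT_MINUTES:
        reasons.append("short-repeat-interval")
    if full.startswith(WRITABLE_ROOTS):
        reasons.append("target-in-writable-dir")
    if target.name.lower() in SYSTEM_NAMES and "\\windows\\system32\\" not in full:
        reasons.append("system-binary-name-outside-system32")
    return reasons

SAMPLES = [  # constructed log lines; the first normalises the /TR quoting shown above
    r'SCHTASKS.exe /Create /TN "Microsoft LocalManager" /ri 1 /st 00:00 /du 9999:59 '
    r'/sc daily /f /TR "\"C:\ProgramData\Microsoft Services\lsm.exe\""',
    r'schtasks /create /tn "Nightly Backup" /sc daily /st 02:00 '
    r'/tr "C:\Program Files\Backup\backup.exe /quiet"',
    r'schtasks /query /fo LIST',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(findings(line), "<-", line)
```

Each reason on its own is weak evidence; the combination of all three on one command line is what matches the behaviour described here.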

The trojan quits immediately if it detects a window containing one of the following strings in its title:

  • NetMonitor
  • taskmgr.exe
  • Process Killer
  • KillProcess
  • System Explorer
  • Process Explorer
  • AnVir
  • Process Hacker
  • Task Manager
  • Диспетчер

Payload information

The trojan may alter the contents of the clipboard.


The following services are affected:

  • Bitcoin
  • BlackCoin
  • ByteCoin
  • EmerCoin
  • Bitcoin Cash
  • ReddCoin
  • Ripple
  • Neo
  • Electroneum
  • Dash
  • Dogecoin
  • Ethereum
  • Litecoin
  • Monero
  • Zicash
  • Qiwi
  • Webmoney
  • YaMoney
  • Steam
  • Google
  • VKontakte

Other information

It communicates with the following servers using the HTTP protocol:

  • i%removed%er.com/1Zc%removed%
