Win32/Mogoa [Threat Name]

Win32/Mogoa.A [Threat Variant Name]

Category: trojan
Size: 9728 B
Detection created: Sep 21, 2017
Detection database version: 16118
Aliases: Backdoor:Win32/Floxif.gen!A (Microsoft), Trojan.CCleaner.1 (Dr.Web)
Short description

Win32/Mogoa.A is a trojan that steals various information about the infected computer. The trojan attempts to send gathered information to a remote machine.

Installation

The trojan does not create any copies of itself.


The trojan is usually a part of other malware named Win32/HackedApp.CCleaner.A.

Information stealing

Win32/Mogoa.A is a trojan that steals various information about the infected computer.


The trojan collects the following information:

  • operating system version
  • computer name
  • user domain name
  • MAC address
  • the list of installed software
  • list of running processes

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of IP addresses (1 entry). The trojan generates various URL addresses. The HTTPS protocol is used in the communication.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • send gathered information

The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo]
    • "MUID" = %binaryvalue1%
    • "NID" = %binaryvalue2%
    • "TCID" = %binaryvalue3%
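
A host check for the registry entries listed above, as an added example that is not part of the original description or any vendor tooling. The key path and value names come from this page; the function name Test-AgomoIndicator is hypothetical, and checking both registry views is an assumption based on the threat being a Win32 (32-bit) binary, whose writes to HKLM\SOFTWARE are redirected on 64-bit Windows.

```powershell
# Added example: look for the registry values this description lists.
# Key path and value names are from the page; all other names are illustrative.
$subKey     = 'SOFTWARE\Piriform\Agomo'
$valueNames = 'MUID', 'NID', 'TCID'

function Test-AgomoIndicator {
    [CmdletBinding()]
    param()

    # A 32-bit process on 64-bit Windows has HKLM\SOFTWARE redirected to
    # WOW6432Node, so both registry views are inspected explicitly.
    $views = [Microsoft.Win32.RegistryView]::Registry64,
             [Microsoft.Win32.RegistryView]::Registry32

    foreach ($view in $views) {
        # On a 32-bit OS the 64-bit view maps to the same keys; skip the duplicate.
        if ($view -eq 'Registry64' -and -not [Environment]::Is64BitOperatingSystem) { continue }

        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key = $base.OpenSubKey($subKey)   # read-only; $null when the key is absent
            if ($null -eq $key) { continue }
            try {
                $present = $key.GetValueNames()
                foreach ($name in $valueNames) {
                    if ($present -contains $name) {
                        $data = $key.GetValue($name)
                        # Report type and size only; the binary content is not printed.
                        [pscustomobject]@{
                            View      = $view
                            Key       = "HKLM\$subKey"
                            Value     = $name
                            Kind      = $key.GetValueKind($name)
                            SizeBytes = if ($data -is [byte[]]) { $data.Length } else { $null }
                        }
                    }
                }
            } finally { $key.Dispose() }
        } finally { $base.Dispose() }
    }
}

$hits = @(Test-AgomoIndicator)
if ($hits.Count) { $hits | Format-Table -AutoSize }
else { 'No Piriform\Agomo indicator values found.' }
```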
