Win32/Spy.Agent.OUD [Threat Name]

Win32/Spy.Agent.OUD [Threat Variant Name]

Category trojan
Size 69632 B
Detection created Dec 07, 2015
Detection database version 12684

Short description

Win32/Spy.Agent.OUD is a trojan that steals sensitive information. The trojan is usually a part of other malware.

Installation

The trojan does not create any copies of itself.

Information stealing

Win32/Spy.Agent.OUD is a trojan that steals sensitive information.


The trojan collects the following information:

  • computer name
  • user name
  • operating system version
  • information about the operating system and system settings
  • the path to specific folders
  • list of disk devices and their type
  • language settings
  • list of running processes
  • logged keystrokes
  • network adapter information
  • computer IP address

The trojan keeps various information in the following files:

  • %workingfolder%\frfn.db
  • %workingfolder%\file.frf
  • %workingfolder%\%variable1%~%computername%_1sysinfo
  • %workingfolder%\%variable1%~%computername%_1sysinfo.tn
  • %workingfolder%\%variable1%~%computername%_1sysinfof%variable2%-%variable3%.tn
  • %workingfolder%\%variable1%~%computername%_1ipconf
  • %workingfolder%\%variable1%~%computername%_1ipconff%variable4%-%variable5%.tn
  • %workingfolder%\%variable1%~%computername%_%datetime%.tn

A string with variable content is used instead of %variable1-5%.

Other information

The trojan executes the following commands:

  • cmd /c makecab "%workingfolder%\%variable1%~%computername%_1sysinfo" "%workingfolder%\%variable1%~%computername%_1sysinfo.tn"
  • cmd /c ipconfig -all >> %workingfolder%\%frfn%~%computername%_1ipconf
  • cmd /c makecab "%workingfolder%\%variable1%~%computername%_1ipconf" "%workingfolder%\%variable1%~%computername%_1ipconf.tn"
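The command lines listed above can be hunted for in process-creation logs. The following Python sketch is an added example, not ESET's detection logic: the function names are hypothetical, and the working folder, prefix and computer name in the sample events are constructed, since the description gives them only as placeholders.

```python
import re

# File stem from the description: <variable>~<computername>_1sysinfo or _1ipconf
STEM = r'[^\\/"\s]+~[^\\/"\s]+?_1(?:sysinfo|ipconf)'

# cmd /c makecab "<folder>\<stem>" "<destination>"
MAKECAB = re.compile(
    r'\bcmd(?:\.exe)?\s+/c\s+makecab\s+"(?P<src>[^"]*[\\/]' + STEM + r')"'
    r'\s+"(?P<dst>[^"]+)"', re.I)

# cmd /c ipconfig -all >> <folder>\<variable>~<computername>_1ipconf
IPCONF = re.compile(
    r'\bcmd(?:\.exe)?\s+/c\s+ipconfig\s+[-/]all\s*>>\s*"?[^"]*[\\/]'
    r'[^\\/"\s]+~[^\\/"\s]+?_1ipconf"?\s*$', re.I)


def classify(cmdline):
    """Return a label if the command line matches a described pattern, else None."""
    m = MAKECAB.search(cmdline)
    # The description shows the archive written next to the source as <source>.tn
    if m and m.group("dst").lower() == m.group("src").lower() + ".tn":
        return "makecab-staging"
    if IPCONF.search(cmdline):
        return "ipconfig-dump"
    return None


def scan(cmdlines):
    """Return (index, label) for every matching command line."""
    hits = []
    for i, line in enumerate(cmdlines):
        label = classify(line)
        if label:
            hits.append((i, label))
    return hits


# Constructed sample events (folder C:\example\wf, prefix ab12, host WS-042)
SAMPLE = [
    r'cmd /c makecab "C:\example\wf\ab12~WS-042_1sysinfo" "C:\example\wf\ab12~WS-042_1sysinfo.tn"',
    r'cmd /c ipconfig -all >> C:\example\wf\ab12~WS-042_1ipconf',
    r'cmd /c makecab "C:\example\wf\ab12~WS-042_1ipconf" "C:\example\wf\ab12~WS-042_1ipconf.tn"',
    r'cmd /c ipconfig /all',                                # benign: no redirect
    r'makecab "C:\build\setup.inf" "C:\build\setup.cab"',   # benign packaging
]

if __name__ == "__main__":
    for idx, label in scan(SAMPLE):
        print(idx, label)
```

Matching on the `~<computername>_1sysinfo` / `_1ipconf` stem and the `.tn` destination keeps ordinary `makecab` and `ipconfig` use out of the results.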
