Win32/TrojanDownloader.Agent.DVC [Threat Name] go to Threat

Win32/TrojanDownloader.Agent.DVC [Threat Variant Name]

Category trojan
Size 270704 B
Detection created Feb 01, 2018
Detection database version 16832
Aliases Trojan.Win32.BitCoinMiner.adf (Kaspersky)
  Downloader (Symantec)
  Trojan:Win32/CoinMiner.PW!bit (Microsoft)
Short description

Win32/TrojanDownloader.Agent.DVC is a trojan which tries to download other malware from the Internet. It can be controlled remotely. The file is run-time compressed using Obsidium .

Installation

The trojan does not create any copies of itself.


The trojan contains a URL address.


It tries to download a file from the address.


The file is stored in the following location:

  • %temp%\­ups2.exe

The following programs are terminated:

  • conime.exe
  • ups2.exe

The trojan creates copies of the following files (source, destination):

  • %temp%\­ups2.exe, %programfilescommon%\­conime.exe

The trojan executes the following command:

  • %programfilescommon%\­conime.exe -C create -r

The trojan registers itself as a system service using the following name:

  • Windows Audio Control

This causes the trojan to be executed on every system start.


The trojan then deletes following files:

  • %temp%\­ups2.exe

After the installation is complete, the trojan deletes the original executable file.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of (5) URLs. The HTTP protocol is used in the communication.


It may perform the following actions:

  • download files from a remote computer and/or the Internet
  • run executable files
  • terminate running processes
  • delete files

Please enable Javascript to ensure correct displaying of this content and refresh this page.