Trojan-Dropper.Win32.Agent.vw

Technical Details

This Trojan downloads other malicious programs to the victim machine without the user's knowledge or consent. The Trojan is a Windows PE EXE file an is 262717 bytes in size.

When launched, this Trojan creates and then executes the following files:

• %System%\bpk.exe — this file will be detected by Kaspersky Anti-Virus as not-a-virus:Monitor.Win32.Perflogger.ad;
• %System%\bpkhk.dll — this file will be detected by Kaspersky Anti-Virus as not-a-virus:Monitor.Win32.Perflogger.al;
• %System%\bpkr.exe — this file will be detected by Kaspersky Anti-Virus as Trojan-Spy.Win32.Perfloger.l;
• %System%\bpkwb.dll — this file will be detected by Kaspersky Anti-Virus as Trojan-Spy.Win32.Perfloger.l.

The Trojan then registers bpk.exe in the system registry, ensuring that it will be launched each time Windows is rebooted on the victim machine.

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"bpk" = "%System%\bpk.exe"

The Trojan also creates files with the following names on the victim machine:

%System%\bpk.dat
%System%\inst.dat
%System%\kw.dat
%System%\pk.bin