Backdoor:Win32/FlyAgent.E
First posted on 09 February 2009.
Source: SecurityHome
Aliases :
Backdoor:Win32/FlyAgent.E is also known as Win32/Nuj.A (CA), Trojan-Spy.Win32.Agent.amv (Kaspersky), Trojan.Downloader.EPL.B (BitDefender), Generic PWS.y (McAfee), BACKDOOR.Trojan (Symantec).
Explanation :
Backdoor:Win32/FlyAgent.E is the DLL component of a backdoor trojan program that is capable of performing several actions depending on the commands of a remote attacker.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).
Installation
To determine where the main trojan program is installed, it queries the following registry entry:
Value: "Path"
In subkey: HKCU\Software\FlySky\E\Install
It attempts to load the following libraries to perform its backdoor routines:
krnln.fnr
krnln.fne
Payload
Backdoor Functionality
Depending on the commands it may receive from a remote attacker, it is capable of performing the following actions:
Log keystrokes
Gather and send system information
Download and execute arbitrary files
Connect to a website
Additional Information
It has the following strings in its malware code:
WTNE / MADE BY E COMPILER - WUTAO
Analysis by Francis Allan Tan Seng
Last update 09 February 2009
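A static triage check built from the indicators in this write-up, added here as an example and not part of the original analysis or any vendor tooling. The function names, the "review"/"weak" grading and the sample buffers are assumptions of this example; the embedded string reads as a compiler banner, so a match is a triage signal rather than a verdict.

```python
# Added triage example: indicator strings come from the write-up above;
# the sample buffers below are constructed, not real malware.
import re
import sys

# The embedded string and the two libraries the DLL attempts to load.
INDICATORS = {
    "compiler_banner": "WTNE / MADE BY E COMPILER - WUTAO",
    "lib_krnln_fnr": "krnln.fnr",
    "lib_krnln_fne": "krnln.fne",
}

def scan_bytes(data: bytes) -> dict:
    """Return {indicator: [offsets]} for ASCII and UTF-16LE occurrences."""
    hits = {}
    for name, text in INDICATORS.items():
        offsets = []
        for encoding in ("ascii", "utf-16-le"):
            # Case-insensitive: file names may be stored in any case.
            pattern = re.compile(re.escape(text.encode(encoding)), re.IGNORECASE)
            offsets.extend(m.start() for m in pattern.finditer(data))
        if offsets:
            hits[name] = sorted(offsets)
    return hits

def assess(hits: dict) -> str:
    """Grade a scan: both kinds of indicator together warrant analyst review."""
    has_banner = "compiler_banner" in hits
    has_lib = "lib_krnln_fnr" in hits or "lib_krnln_fne" in hits
    if has_banner and has_lib:
        return "review"
    if has_banner or has_lib:
        return "weak"
    return "no_match"

# Constructed sample buffers (hypothetical, for demonstration only).
SAMPLE_MATCH = (b"MZ" + b"\x00" * 16 + b"WTNE / MADE BY E COMPILER - WUTAO\x00"
                + "KRNLN.FNR".encode("utf-16-le") + b"\x00\x00krnln.fne\x00")
SAMPLE_OTHER = b"MZ" + b"\x00" * 16 + b"This program cannot be run in DOS mode."

if __name__ == "__main__":
    # Usage: python triage.py suspect1.dll suspect2.dll
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            result = scan_bytes(fh.read())
        print(path, assess(result), result)
```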