Home / malware Backdoor:Win32/FlyAgent.F
First posted on 15 February 2019.
Source: MicrosoftAliases :
Backdoor:Win32/FlyAgent.F is also known as Win32/Droplet.DT, Trojan-Dropper.Win32.Flystud.qo, Trojan horse SHeur2.SLT, Trojan.Peed.743, Win32/FlyStudio.NGO, W32/Peed.
Explanation :
Backdoor:Win32/FlyAgent.F is a trojan that has backdoor capabilities. It may perform certain actions based on the commands of a remote attacker. InstallationBackdoor:Win32/FlyAgent.F may drop itself using a random file name in a folder it creates in the Windows system folder. For example:
38955ccb05e3.exe Note - refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:WinntSystem32; and for XP and Vista is C:WindowsSystem32. It may also create a link in the Startup folder that points to its dropped copy. For example: cb05e3.lnk Note - refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the Startup folder for Windows 9x, Me, NT, 2000, XP and 2003 is '%USERPROFILE%Start MenuProgramsStartup'. For Windows Vista, the default location is '%USERPROFILE%AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup'. Payload Performs backdoor functionalityBackdoor:Win32/FlyAgent.F is capable of performing actions based on the commands of a remote attacker, for example: Steal user credentials
Connect to various Web sites
Download and execute files
Kill processes
Drop other malware, such as VirTool:Win32/Afrootix.gen!B Analysis by Andrei Florin SaygoLast update 15 February 2019