Description date

29 September 2015

Description of malware class


A malicious program that stealthily installs other malicious programs, which are contained in the body of this type of Trojan, on a computer without the user's authorization.

In most cases, this type of malware saves other files to the disk of the victim computer (usually in the Windows folder, a Windows system folder, a temporary folder, etc.) and runs them without displaying any notifications (or sometimes with deceptive notifications about an archive error, invalid operating system version, and so forth).

By using programs of this class, hackers achieve two goals:

  • Installing Trojans and viruses in a stealthy way.
  • Preventing detection by anti-virus software, since not all anti-virus software is able to scan all the components inside such Trojans.

Description of platform


Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Description of malware family


These malicious programs install other malware, which is contained within the program, and run it on an infected computer without the user's knowledge.

Geographical distribution of attacks by the Trojan-Dropper.Win32.Agent family

Geographical distribution of attacks during the period from 27 September 2014 to 27 September 2015

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Russia 20.59
2 India 8.45
3 USA 6.42
4 Germany 5.60
5 Vietnam 3.95
6 Bangladesh 3.63
7 France 3.33
8 Brazil 3.21
9 Algeria 2.64
10 Mexico 2.04

* Percentage among all unique Kaspersky Lab users worldwide who were attacked by this malware