Trojan.Win32.Agent.bi

Technical Details

This Trojan program is a Windows PE EXE file approximately 12KB in size.


Once launched, the Trojan registers itself in the system registry, ensuring that the Trojan will be launched each time Windows is rebooted on the victim machine:


[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"<original file name>" = "<path to Trojan program>"

The Trojan can have a variety of names, and function both as a standard application and as a service (in systems running Windows NT/2K/XP)


The Trojan tracks which web sites are visited using the victim machine.


It may also download other programs from the Internet, save them to the victim machine and launch them for execution.