Threat Encyclopaedia

Win32/PSW.Agent.NCC

Aliases: Trojan-PSW.Win32.OnLineGames.es (Kaspersky), Infostealer.Gampass (Symantec)
Type of infiltration: trojan
Size: approximately 12 kB
Affected platforms: Microsoft Windows
Signature database version: 1962
Short description: Win32/PSW.Agent.NCC is a trojan that steals sensitive information.

Installation

When executed, the trojan copies itself into the %temp% folder using the following filename:

upxdn.exe

The following file is dropped in the same folder:

upxdn.dll

The file is approximately 7 kB in size. The library is loaded and injected into the following process:

explorer.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"upxdn" = "%temp%\upxdn.exe"
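
The installation artifacts listed above can be checked on a host with a short PowerShell function. This is an added example, not part of the original entry; the function name, its parameter and the additional Wow6432Node key are assumptions made here.

```powershell
# Added example: triage for the artifacts named in this entry. Indicator values
# (upxdn.exe, upxdn.dll, Run value "upxdn", explorer.exe) come from the entry;
# the function and parameter names are illustrative.
function Find-UpxdnArtifacts {
    # %temp% is per-user: pass each profile's temp folder when sweeping a host.
    param([string[]]$TempPath = @($env:TEMP))

    # 1. Self-copy and dropped library in %temp%
    foreach ($dir in $TempPath) {
        foreach ($name in 'upxdn.exe', 'upxdn.dll') {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $file = Get-Item -LiteralPath $path -Force
                [pscustomobject]@{
                    Check  = 'File'
                    Detail = $path
                    Note   = '{0} bytes, SHA256 {1}' -f $file.Length,
                             (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                }
            }
        }
    }

    # 2. Run-key persistence. The Wow6432Node view is an addition to the entry:
    #    a 32-bit process on 64-bit Windows may be redirected there.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $prop = Get-ItemProperty -Path $key -Name 'upxdn' -ErrorAction SilentlyContinue
        if ($prop) {
            [pscustomobject]@{ Check = 'RunKey'; Detail = $key; Note = $prop.upxdn }
        }
    }

    # 3. Library loaded into explorer.exe
    foreach ($proc in Get-Process -Name explorer -ErrorAction SilentlyContinue) {
        try {
            $proc.Modules | Where-Object { $_.ModuleName -ieq 'upxdn.dll' } | ForEach-Object {
                [pscustomobject]@{ Check = 'Module'; Detail = "explorer.exe PID $($proc.Id)"; Note = $_.FileName }
            }
        } catch {
            Write-Warning "Could not list modules for PID $($proc.Id): $_"
        }
    }
}

Find-UpxdnArtifacts | Format-List
```

A file-name match alone is a lead rather than a verdict; compare the reported sizes with the approximately 12 kB and 7 kB given in this entry, and treat a Run value pointing into %temp% together with the loaded module as the stronger signal.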

 

Information stealing

The trojan collects information related to the on-line game Zhengtu. It can send the collected information to a remote machine using the HTTP protocol.