Backdoor.MSIL.Klayaccess.A
TSL ID TSL20171004-04
Severity High
Description

Backdoor.MSIL.Klayaccess.A is a backdoor that targets the Windows platform. The malware identifies itself to a remote server and accepts various commands to perform nefarious activities on the infected machine. The supported commands make it possible to execute shell commands and send the results back to the remote server; create, delete, upload, or execute a file; list drives, directories, and files; capture keystrokes; encrypt or decrypt files; log off the machine; perform mouse clicks; open or close the CD-ROM; take screenshots; and much more. Additionally, the malware copies itself to the user's Startup folder to achieve persistence.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 7A8CDC890C90EEC57D367898EDF5CF59
SHA1:
  • 7C49807A2BD91FA6BF4BF6EBDF0A67CD08D7F0DC
Identifiers
McAfee
  • ARTEMIS!7A8CDC890C90
TrendMicro
Arcabit
  • TROJAN.GENERIC.D1515852
Avira
  • TR/AGENT.JYIIX
BitDefender
  • TROJAN.GENERIC.22108242
ESET-NOD32
  • MSIL/AGENT.AZW
Fortinet
  • MSIL/AGENT.AZW!TR
Tencent
  • WIN32.TROJAN.GENERIC.AJMA
Webroot
  • TROJAN:WIN32/COMISPROC
References http://www.virusradar.com/en/MSIL_Agent.AZW/description