Publication Date 10/04/2017
Class TrojWare

Trojans are malicious programs that perform actions which are not authorized by the user: they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks. Unlike viruses and worms, the threats that fall into this category are unable to make copies of themselves or self-replicate. Trojans are classified according to the type of action they perform on an infected computer.

Description Trojan-Dropper

Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers. This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.). Such programs are used by hackers to: secretly install Trojan programs and/or viruses protect known malicious programs from being detected by antivirus solutions; not all antivirus programs are capable of scanning all the components inside this type of Trojans.


JavaScript (JS) is a prototype-based programming language. JavaScript has traditionally been implemented as an interpreted language. The most common use is in web browsers, where it is used for scripting to add interactivity to web pages.


Written in JavaScript, this script contains malware, which it installs and runs on the victim computer.

Geographical distribution of attacks by the Trojan-Dropper.JS.Agent family

Geographical distribution of attacks during the period from 10 April 2016 to 10 April 2017

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Russian Federation 14.28
2 Japan 8.60
3 Germany 6.30
4 Saudi Arabia 5.24
5 Brazil 5.16
6 France 5.12
7 India 4.45
8 Italy 3.71
9 Mexico 3.44
10 Malaysia 3.04

* Percentage among all unique Kaspersky Lab users worldwide attacked by this malware