Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Threats Trojan Win32

Trojan.Win32.Agentb.lhxw

Update Date
11/07/2023

Class: Trojan

A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).

Read more

Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Family: Trojan.Win32.Agentb

No family description

Examples

9181F82DBB02D40E6CDB3DE6254BDA87
F86ACEBE0449D2EA698A1DD55F127CB1
4266B66ECC1AE42BA584D60712F82763
63A853444EC01BF4F6C8751B7EAA07F2
7061A1419E1F64F3AF96D52CA963455A

Tactics and Techniques: Mitre*

TA0002
Execution

Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.


T1203
Exploitation for Client Execution

Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.


* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
29 August 2025
Securelist
How attackers adapt to built-in macOS protection
27 August 2025
Securelist
Exploits and vulnerabilities in Q2 2025
22 August 2025
Securelist
Modern vehicle cybersecurity trends
19 August 2025
Securelist
GodRAT – New RAT targeting financial institutions
18 August 2025
Securelist
Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824
13 August 2025
Securelist
New trends in phishing and scams: how AI and social media are changing the game
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Threat
Confirm changes?
Your message has been sent successfully.