Skip navigation.

Trojan-Dropper.Win32.Agent.aang - focusing on the rootkit

Hi all!
Today I will show you the analysis of Trojan-Dropper.Win32.Agent.aang (Kaspersky), it’s a p2p worm that spreads through p2p applications by using .rar archives with different names.
These names are something like "xxx.crack.rar" or "xxx.keygen.rar" where xxx is the name of a famous application.
This time I focuses on the analysis of the rootkit because the trojan is very simple to understand.
The article is here: