FANDOM


Trojan.Win32.Agent2.dmdi or Agent2.dmdi is a trojan on Microsoft Windows from the Agent2 family that is designed to steal User's Authentication data.

Payload

After launching, the malicious library checks the name of the process. By loading "duospeak.exe" process in the address space, it then allows the user to enter their authentication data to the "YYMainWnd", that will send such data to the following IP addresses.

124.***.56.12
121.***.13.22

Sources