Trojan.win32.zyx.awk
Information theft, remote access, and serving as a "dropper" for secondary infections.

How It Infects a System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Always refer to your antivirus vendor’s threat encyclopedia for the latest IoCs and updated detection names.
To understand the threat, we must first deconstruct the name provided by the antivirus engine (typically used by Microsoft Defender and other legacy security suites).
Variants of this family have been actively tracked since at least 2020.
This trojan employs several anti‑forensics techniques:
via the Windows Registry: