Threat Database Stealers Infostealer.Nasdosto


By ESGI Advisor in Stealers

Threat Scorecard

Ranking: 2,117
Threat Level: 90 % (High)
Infected Computers: 15,478
First Seen: January 23, 2013
Last Seen: September 20, 2023
OS(es) Affected: Windows

Infostealer.Nasdosto is a Trojan that steals information from the corrupted PC. While being run, Infostealer.Nasdosto creates the files on the infected computer system. Infostealer.Nasdosto creates the registry entries so that it can load automatically every time Windows is started. Infostealer.Nasdosto logs keystrokes on the victimized computer system. Infostealer.Nasdosto transfers the collected information to the remote locations.

File System Details

Infostealer.Nasdosto may create the following file(s):
# File Name Detections
1. %System%\ns7dos.exe
2. %System%\ns6dos.exe
3. %System%\ns2dos.exe
4. %System%\nsdos2.exe
5. %System%\ns7dos
6. %System%\ns6dos
7. %System%\ns2dos
8. %System%\nsdos2

Registry Details

Infostealer.Nasdosto may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"msdos-debug" = "[HEXADECIMAL CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"msdos-debug2" = "[HEXADECIMAL CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"nsdos-debugg" = "[HEXADECIMAL CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\[RANDOM CLSID]\"StubPath" = "[HEXADECIMAL CHARACTERS]"


Most Viewed