Win32/PSW.Pebox.AA
Short description
Win32/PSW.Pebox.AA is a trojan that steals passwords and other sensitive information. The trojan can send the information to a remote machine. The file is run-time compressed using UPX.
Installation
When executed, the trojan creates the following files:
- %system%\Lecomd.dll (28672 B)
- %system%\Kance.dll (4608 B)
- %system%\YuMen.dll (256 B)
- %system%\lpk.dll, %system%\myLink.dll
- %system%\Kance.dll, %system%\lpk.dll
- %system%\dllcache\lpk.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ins" = "*Lecomd.dll,"
"SfcDisable" = %variable1%
Libraries with the following names are injected into all running processes:
- %system%\lpk.dll
- %system%\Lecomd.dll
Information stealing
The trojan gathers information related to the following processes:
- QQLogin.exe
- DNF.exe
- network adapter information
- capture screenshots
- send files to a remote computer
The trojan contains a list of (1) URLs.
The HTTP protocol is used.
Other information
The trojan executes the following command:
- %system%\sfc.exe /REVERT
- QQLogin.exe
- DNF.exe
- %system%\rundll32.exe, %temp%\%variable2%
- %system%\lpk.dll, %system%\%variable3%.dat
The trojan may create the following files:
- %system%\Bans.dat
- %system%\dllcache\Pansss.jpg
