PWS:Win32/PWSteal.M
First posted on 02 September 2010.
Source: SecurityHome
Aliases :
PWS:Win32/PWSteal.M is also known as Trj/Autoit.gen (Panda).
Explanation :
PWS:Win32/PWSteal.M is the detection for a trojan that drops several password-recovery tools onto the computer. These tools collect user information, which may then be sent to a remote attacker.
Payload

Drops other files

PWS:Win32/PWSteal.M drops several password-recovery tools such as the following files:

%Temp%\iepv.exe - detected as Tool:Win32/IEPassRecover.A
%Temp%\mspass.exe - detected as Tool:Win32/MessenPass.A
%Temp%\passwordfox.exe
%Temp%\steampwd.exe
%Temp%\stpv.exe
%Temp%\vmdpmouch.exe

These dropped files may collect user information for various accounts. The collected passwords are stored in the following files:

%Temp%\mspass.txt
%Temp%\ffpass.txt
%Temp%\fzpass.txt
%Temp%\iepass.txt
%Temp%\SteamPass.txt
%Temp%\passvoodoo.txt

PWS:Win32/PWSteal.M then attempts to send the information in these files to a remote attacker.

Modifies computer settings

PWS:Win32/PWSteal.M may prevent Windows Defender from displaying a warning. It may also close the Task Manager process.
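One way to check a host or a mounted disk image for the files listed above, as an added example that is not part of the original write-up: it looks in a given Temp directory for the dropped tools and the password output files and grades the result. The function names and verdict labels are hypothetical, and treating a name match alone as a weak signal is an assumption of this example.

```python
import tempfile
from pathlib import Path

# File names taken from the write-up above, lowercased for matching.
DROPPED_TOOLS = {"iepv.exe", "mspass.exe", "passwordfox.exe",
                 "steampwd.exe", "stpv.exe", "vmdpmouch.exe"}
PASSWORD_DUMPS = {"mspass.txt", "ffpass.txt", "fzpass.txt",
                  "iepass.txt", "steampass.txt", "passvoodoo.txt"}


def scan_temp_dir(temp_dir):
    """Return indicator hits found directly inside one Temp directory."""
    hits = {"tools": [], "dumps": [], "nonempty_dumps": []}
    try:
        entries = list(Path(temp_dir).iterdir())
    except OSError:
        return hits  # missing or unreadable directory: nothing to report
    for entry in entries:
        if not entry.is_file():
            continue
        name = entry.name.lower()  # Windows file names are case-insensitive
        if name in DROPPED_TOOLS:
            hits["tools"].append(entry.name)
        elif name in PASSWORD_DUMPS:
            hits["dumps"].append(entry.name)
            if entry.stat().st_size > 0:
                hits["nonempty_dumps"].append(entry.name)
    for key in hits:
        hits[key].sort()
    return hits


def verdict(hits):
    """Grade hits (labels are this example's own, not the vendor's)."""
    if hits["tools"] and hits["dumps"]:
        # A tool and its output file together mean the tool ran; a dump
        # with content means stored passwords should be treated as exposed.
        return "credentials-exposed" if hits["nonempty_dumps"] else "tools-executed"
    if hits["tools"] or hits["dumps"]:
        return "suspicious"  # name match alone is a weak signal (assumption)
    return "clean"


if __name__ == "__main__":
    # Live host: the current user's temp directory (%Temp% on Windows).
    found = scan_temp_dir(tempfile.gettempdir())
    print(verdict(found), found)
```

When sweeping a multi-user machine or an offline image, pass each user profile's Temp directory to `scan_temp_dir` in turn.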
Analysis by Andrei Florin Saygo
Last update 02 September 2010