Home / malware HackTool:Win32/WpePro
First posted on 23 November 2012.
Source: MicrosoftAliases :
HackTool:Win32/WpePro is also known as Application.Sniffer.Wpepro.E (BitDefender), Hack.Sniffer.Win32.WPEPro.b (Rising AV), HackTool.Win32.Sniffer.WpePro.w (Kaspersky), Hacktool.WPE (Symantec), Program.Wpe (Dr.Web), Sniffer.Win32.WpePro (Ikarus), Sniff-WpePro (McAfee), Troj/WpePro-A (Sophos), TROJ_SPNR.15CF12 (Trend Micro), W32/Hacktool.IW (Norman), Win32/Sniffer.WpePro.B (ESET), Win-Trojan/Wpepro.184320.B (AhnLab).
Explanation :
HackTool:Win32/WpePro is a tool called Winsock Packet Editor Pro or "WPE PRO" that listens, logs, filters, and modifies Internet traffic sent to and from your computer.
The tool may be used to hack online communications and online games by mimicking traffic from the communication or game.
According to the tool's website, Winsock Packet Editor Pro can be used to "spy on other network users and collect sensitive information such as passwords" or to "gain information for effecting a network intrusion".
While the tool is not installed in a specific location, the presence of the program may be indicated by the following files:
- "WPE PRO - modified.exe" or "WPE PRO.exe" - this is the tool's executable file
- "WpeSpy.dll" - this file is used to filter the traffic that is displayed in the tool
The following is a screenshot of the tool's window:
The tool can apply filters to modify the traffic, as in the following screenshot:
Analysis by Michael Johnson
Last update 23 November 2012
