Friday, 24 February 2012

Trojan:Win32/Wimpixo.E


Encyclopedia entry
Updated: Apr 17, 2011  |  Published: Feb 16, 2011

Aliases
  • Win-Trojan/Wimpixo.61440.B (AhnLab)
  • TR/Wimpixo.E.3 (Avira)
  • Win32/Wimpixo.A (CA)
  • Win32/Wimpixo.AJ (ESET)
  • Trojan.Win32.Wimpixo (Ikarus)
  • Trojan-Dropper.Win32.Wimpixo.e (Sunbelt Software)

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.121.175.0
Released: Feb 22, 2012
Detection initially created:
Definition: 1.91.312.0
Released: Sep 21, 2010


 

Summary

Trojan:Win32/Wimpixo.E is a dynamic link library file that may be installed by other malware. It steals information about the computer it runs on and sends that information to certain servers.


 

Symptoms

Alert notifications or detections of this malware from installed antivirus or security software may be the only symptoms.


 

Technical Information (Analysis)

Installation
Trojan:Win32/Wimpixo.E is a dynamic link library file that is installed by other malware and may be present as the following file:
 
<system folder>\6to4v32.dll
 
It can be run as a service in the affected computer.

Payload

Steals system information
When run, Trojan:Win32/Wimpixo.E collects the following information about the computer:
 
  • Computer name
  • User name
  • MAC address
  • Security identifier name for the account
 
It then connects to one of the following servers to send the information:
 
  • andjobs.com
  • 1pennyhotels.com
  • hotelseas.com
 
It can also search for the file "certstore.dat" in the default system folder and send the contents of that file to any of the servers listed above.
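As an added defender-side example (not part of the Microsoft entry), the following Python helpers turn the indicators above into hunt checks: a label-boundary domain match run over proxy log lines for the three listed servers, and a filter over exported service binary paths (ImagePath/ServiceDll values) for the dropped DLL name. The proxy log layout and every sample line and path are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the encyclopedia entry.
DROPPED_DLL = "6to4v32.dll"
C2_DOMAINS = {"andjobs.com", "1pennyhotels.com", "hotelseas.com"}

def domain_matches(host):
    """True if host is one of the listed servers or a subdomain of one.
    Matching on a label boundary avoids false hits such as notandjobs.com."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)

# Constructed proxy log layout: "<time> <client-ip> <method> <url> <status>"
PROXY_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def flag_proxy_lines(lines):
    """Return (client_ip, host) for every request to one of the listed servers."""
    hits = []
    for line in lines:
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        host = urlsplit(m.group(4)).hostname or ""
        if domain_matches(host):
            hits.append((m.group(2), host))
    return hits

def suspicious_service_paths(image_paths):
    """Return service binary paths (ImagePath/ServiceDll strings exported from
    the registry) whose file name is the DLL the trojan drops."""
    found = []
    for p in image_paths:
        clean = p.strip().strip('"').replace("/", "\\")
        if clean.lower().rsplit("\\", 1)[-1] == DROPPED_DLL:
            found.append(p)
    return found

SAMPLE_LOG = [  # constructed sample lines
    "2012-02-22T10:01:02Z 10.0.0.5 GET http://www.example.org/index.html 200",
    "2012-02-22T10:01:09Z 10.0.0.5 POST http://andjobs.com/upload.php 200",
    "2012-02-22T10:02:11Z 10.0.0.7 GET http://cdn.notandjobs.com/x 404",
    "2012-02-22T10:03:40Z 10.0.0.9 POST http://www.hotelseas.com/post 200",
]
SAMPLE_SERVICE_PATHS = [  # constructed sample values
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r'"%SystemRoot%\system32\6to4v32.dll"',
    r"C:\Windows\System32\6to4svc.dll",  # similar-looking name, not the indicator
]
```

Run `flag_proxy_lines(SAMPLE_LOG)` and `suspicious_service_paths(SAMPLE_SERVICE_PATHS)` on real exports to triage hosts; a hit on either should be followed by collecting the DLL for analysis rather than only deleting it.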
 
Analysis by Marianne Mallen
