Quote:
Originally Posted by chrissn13
This program contains a password stealer.
PWS:Win32/Strpasseal.B
I did some analyzing of the program and I found that there is an executable encoded/encrypted in the injection program “dZPH00kv4.exe”. When the program is run, it extracts an executable with a random numerical name into the temp directory. Then it executes it.
I did a virus scan of the executable that it extracts. Here it is:
a-squared 4.5.0.41 2009.10.22 Trojan-Downloader.Win32.Small!IK
AhnLab-V3 5.0.0.2 2009.10.22 Win-Trojan/Downloader.20992.HH
AntiVir 7.9.1.44 2009.10.22 TR/Agent.RRX
Antiy-AVL 2.0.3.7 2009.10.22 Trojan/Win32.Agent.gen
Authentium 5.1.2.4 2009.10.22 W32/Downldr2.GCMU
Avast 4.8.1351.0 2009.10.21 Win32:Trojan-gen
AVG 8.5.0.423 2009.10.22 Generic13.BMWA
BitDefender 7.2 2009.10.22 Trojan.Generic.2164967
CAT-QuickHeal 10.00 2009.10.22 TrojanDownloader.Small.almj
ClamAV 0.94.1 2009.10.22 Trojan.Downloader-74007
Comodo 2692 2009.10.22 TrojWare.Win32.TrojanDownloader.Small.~ZBL
DrWeb 5.0.0.12182 2009.10.22 Trojan.DownLoad.41539
eSafe 7.0.17.0 2009.10.22 Suspicious File
eTrust-Vet 35.1.7079 2009.10.22 Win32/SillyPWS.T
F-Prot 4.5.1.85 2009.10.22 W32/Downldr2.GCMU
F-Secure 9.0.15370.0 2009.10.22 Trojan.Generic.2164967
Fortinet 3.120.0.0 2009.10.22 -
GData 19 2009.10.22 Trojan.Generic.2164967
Ikarus T3.1.1.72.0 2009.10.22 Trojan-Downloader.Win32.Small
Jiangmin 11.0.800 2009.10.22 Trojan/Agent.cllx
K7AntiVirus 7.10.877 2009.10.22 -
Kaspersky 7.0.0.125 2009.10.22 Trojan-Downloader.Win32.Small.almj
McAfee 5779 2009.10.22 Downloader-BTI
McAfee+Artemis 5779 2009.10.22 Downloader-BTI
McAfee-GW-Edition 6.8.5 2009.10.22 Trojan.Agent.csmr
Microsoft 1.5202 2009.10.22 PWS:Win32/Strpasseal.B
NOD32 4534 2009.10.22 Win32/PSW.Agent.NMP
Norman 6.03.02 2009.10.22 -
nProtect 2009.1.8.0 2009.10.22 -
Panda 10.0.2.2 2009.10.21 Trj/Downloader.MDW
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.22 -
Rising 21.52.34.00 2009.10.22 Trojan.DL.Win32.Undef.qee
Sophos 4.46.0 2009.10.22 Troj/Dloadr-CTC
Sunbelt 3.2.1858.2 2009.10.22 -
Symantec 1.4.4.12 2009.10.22 Infostealer
TheHacker 6.5.0.2.051 2009.10.22 -
TrendMicro 8.950.0.1094 2009.10.22 TROJ_AGENT.AUKJ
VBA32 3.12.10.11 2009.10.22 Trojan-Downloader.Win32.Small.almj
ViRobot 2009.10.22.2001 2009.10.22 Trojan.Win32.Downloader.20992.MH
VirusBuster 4.6.5.0 2009.10.22 Trojan.PWS.Strpasseal.P

So this, when run, takes and steals the password.
Is there any way for it to not take the password and still have the hack working?