GWGhost 2.72 - Malware Gallery

Informations

From	China
Author	Machine_GW
Family	GWGhost
Category	Information Stealer
Version	GWGhost 2.72
Released Date	May 2002, 22 years, 6 months ago.

Additional Information

Server:
c:\WINDOWS\SYSTEM\scanregw.exe 

size: 35.072 bytes 

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry" 
Old data: C:\WINDOWS\scanregw.exe /autorun 
New data: C:\WINDOWS\SYSTEM\SCANREGW.EXE /autorun 

added:
c:\WINDOWS\SYSTEM\DXInput.dll

Author Information / Description

GWGhost v2.72

Raise a ghost for all passwords!
--------------------------------
GWGhost is a PassWord Stealer. The main purpose is to grab all the masked passwords appeared
on the screen. GWGhost will automatically detect which window contains masked passwords,
and then take a snapshot of all text information in that window. The information will
be sent to your mail-box at intervals. From v2.0 and on, GWGhost can also log key strokes
of applications. You can setup GWGhost about which applications will be logged.

Many products, for example, Glacier, scan all windows repeatly for passwords and slow
down the system. Other product, alternatively, scan periodically but just lose some 
important information when the password stays not long enough on the screen.

GWGhost use another technique to solve these problems. It sets MouseHook and KeyboardHook 
to the whole system so that it can determine when to carry out a scan. And it only 
scan one application each time. GWGhost is fast and silent!

Another advantage is that you will never be disturbed by network firewalls,
even they can impose per-application restrictions. That's because GWGhost inject 
itself into other applications and do not perform the mail sending routines by itself.

History
-------------------------------

v2.72
-> Bug fixed.
-> Added English Edition.

Machine_GW