Win-Spy 8.5 - Malware Gallery

Informations

Author	BC Computing
Family	Win-Spy
Category	Remote Access
Version	Win-Spy 8.5
Released Date	Jul 2005, 19 years, 4 months ago.
Language	Visual Basic

Additional Information

Server:
dropped files:
c:\Program Files\Accessories\Common\ChatRoom.txt
c:\Program Files\Accessories\Common\desktop.ini
c:\Program Files\Accessories\Common\Keylog.txt
c:\Program Files\Accessories\Common\OnlineTime.txt
c:\Program Files\Accessories\Common\WebsitesDetail.txt
c:\Program Files\Accessories\Common\WebsitesSummary.txt
c:\WINDOWS\Outlook.exe         Size: 63,488 bytes 
c:\WINDOWS\taskmgr.exe         Size: 108,544 bytes 
c:\WINDOWS\uniner.exe          Size: 26,112 bytes 
c:\WINDOWS\WinHandler.dll      Size: 97,792 bytes 
c:\WINDOWS\wsdll32.exe         Size: 57,856 bytes 
c:\WINDOWS\dll32\csrss.exe     Size: 81,920 bytes 
c:\WINDOWS\dll32\services.exe  Size: 98,816 bytes 
c:\WINDOWS\system32\ANSMTP.dll Size: 274,432 bytes 	

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "NTSet"
data: C:\WINDOWS\dll32\services.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "NTSet32"
dData: C:\WINDOWS\dll32\services.exe 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MSMSGS"
data: "C:\Program Files\Messenger\msmsgs.exe" /background 


tested on Windows XP
September 29, 2006