F-Secure
Tools
Trojan:W32/PasswordsPro
| Name : | Trojan:W32/PasswordsPro |
| Detection Names : |
PSWTool.Win32.PasswordsPro.q |
| Category: | Malware |
| Type: | Trojan |
| Platform: | W32 |
Summary
A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.
Additional Details
This is the family description for the Trojan:W32/PasswordsPro trojan family.
Variants in the PasswordsPro trojan family disguise themselves as password cracker programs. While active, the program silently drops payloads that may consist of additional malware.
Installation
When executed, the trojan will drop the following files:
The setuphelper.exe file is a working, clean password cracker program. In addition, numerous additional files, using almost the same name but with differing numbers, will be created. These additional files are malware.
Note that the directory that the dropping occurs to may vary from %temp%.
Activity
Additional malicious behavior depends on the specific payloads of the dropped malware.
Variants in the PasswordsPro trojan family disguise themselves as password cracker programs. While active, the program silently drops payloads that may consist of additional malware.
Installation
When executed, the trojan will drop the following files:
• %temp%\setuphelper.exe
• %temp%\setup.exe - This is a copy of the malware.
The setuphelper.exe file is a working, clean password cracker program. In addition, numerous additional files, using almost the same name but with differing numbers, will be created. These additional files are malware.
Activity
Additional malicious behavior depends on the specific payloads of the dropped malware.