Win-Spy 9.0 build 175

Win-Spy 9.0 build 175
(Trojan-Spy.Win32.WinSpy.ds)
(Trojan.Win32.Whispy.f)
(not-a-virus:Monitor.Win32.WinSpy.x)
(not-a-virus:Monitor.Win32.WinSpy.bh)
(Trojan-Spy.Win32.Small.hw)
(HackTool.Win32.Freezer.c for Remote Install)

by BC Computing

Written in Visual Basic

Released in August 2007

more versions




Remote Install File:
dropped files:
c:\WINDOWS\msmsgrs.exe                   Size: 94,208 bytes 
c:\WINDOWS\msn64.exe                     Size: 106,496 bytes 
c:\WINDOWS\outlookrem.exe                Size: 57,344 bytes 
c:\WINDOWS\proxy32.exe                   Size: 344,064 bytes 
c:\WINDOWS\rsmpls.exe                    Size: 61,440 bytes 
c:\WINDOWS\ruto32.exe                    Size: 40,960 bytes 
c:\WINDOWS\winup32.exe                   Size: 69,632 bytes 
c:\WINDOWS\vzones\services.exe           Size: 122,880 bytes 
c:\WINDOWS\vzones\smss.exe               Size: 176,128 bytes 
c:\WINDOWS\system32\CSpool\rsver.dll     Size: 92,160 bytes 
c:\WINDOWS\system32\CSpool\setup1.exe    Size: 131,072 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ccAppRemXP"
data: C:\WINDOWS\msn64.exe 


tested on Windows XP
September 05, 2007

MegaSecurity