Spy Agent 1.3B
(Constructor.Win32.Delf.bj)
(not-a-virus:PSWTool.Win32.ProductKey.d)
(not-a-virus:PSWTool.Win32.Messen.ap)

by AliCaNelKa

Written in Delphi

Released in December 2007

Made in Turkey

Password Stealer for
  
    * MSN Messenger
    * Windows Messenger (in Windows XP)
    * Windows Live Messenger (in Windows XP and Vista)
    * Yahoo Messenger (Versions 5.x and 6.x)
    * Google Talk
    * ICQ Lite 4.x/5.x/2003
    * AOL Instant Messenger (only older versions, the password in newer versions of AIM cannot be recovered)
    * AOL Instant Messenger/Netscape 7
    * Trillian
    * Miranda
    * GAIM 


Server
Dropped Files:
c:\WINDOWS\FF.Txt                                                   Size: 32 bytes 
c:\WINDOWS\Test1.bat                                                Size: 34 bytes 
c:\WINDOWS\system32\FFlogger.dll                                    Size: 19,968 bytes 
c:\WINDOWS\system32\ie.dll                                          Size: 145,828 bytes 
c:\WINDOWS\system32\msn.dll                                         Size: 170,618 bytes 
c:\WINDOWS\system32\out.dll                                         Size: 136,042 bytes 
c:\WINDOWS\system32\pr.dll                                          Size: 29,696 bytes 
c:\WINDOWS\system32\spytool.dll                                     Size: 15,872 bytes 
c:\WINDOWS\system32\wr.dll                                          Size: 38,912 bytes 
c:\WINDOWS\system32\nfwxTtI5cMGsEKRQ9lub4HBFZXCiqAy\services.exe    Size: 577,735 bytes 

Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft DirectX Diagnostic Tool"
Data: C:\WINDOWS\System32\nfwxTtI5cMGsEKRQ9lub4HBFZXCiqAy\services.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\X12 "dir"
Data: C:\WINDOWS\System32\nfwxTtI5cMGsEKRQ9lub4HBFZXCiqAy\services.exe 




Tested on Windows XP
December 19, 2007

MegaSecurity