
PWS:Win32/Fignotok.B


First posted on 15 February 2019.
Source: Microsoft

Aliases:

PWS:Win32/Fignotok.B is also known as Trojan.Fignotok.Gen, TROJ_FIGNOTO.SMA.

Explanation:

PWS:Win32/Fignotok.B is a detection for malware that collects user credentials from various applications and sends them to a remote server.

Installation

PWS:Win32/Fignotok.B may be dropped and run by other malware. It checks whether certain debugging applications are currently running on the computer and exits if they are. It also exits if either of the following programs is running:

Process Monitor
Wireshark

Depending on the sample, PWS:Win32/Fignotok.B may delete itself immediately upon completing its payload.

Payload

Steals user credentials
PWS:Win32/Fignotok.B collects saved user credentials from the following applications:

DynDNSUpdateClient
FileZilla
Firefox2
Firefox3
FlashFXP
GoogleTalk
InternetExplorer
MSNMessenger
no-ipDynamicUpdateClient
Paltalk
Pidgin
Trillian
ValveSteam

It then sends the collected information to a remote server, for example, sanarapid.info.

Analysis by Shawn Wang

Last update 15 February 2019
