
HackTool:Win32/Mailpassview


First posted on 15 February 2019.
Source: Microsoft

Aliases:

HackTool:Win32/Mailpassview is also known as Win-AppCare/Agent.89088, W32/MalwareS.WQG, Gen2.BPVYO, HackTool.Mailpassview!kmuIKt+KsCs, HackTool.IBI, TR/Agent.89088.V, Tool.PassView.13, Win32/PSWTool.MailPassView.A, PSWTool.Win32.Messen, Trojan.Win32.Generic.5209991A, NirSoft, PSWTool.Win32.MailPassView.as, MailPassView.

Explanation:

HackTool:Win32/Mailpassview is a freeware tool that is used to display passwords for a number of email applications.

It has a graphical user interface (GUI), but can be run without being displayed to the affected user by utilizing command line switches to save the captured password information to various formats. It can show passwords for the following email applications:

Microsoft Outlook Express
Microsoft Outlook
Windows Mail
Windows Live Mail
IncrediMail
Eudora
Netscape 6.x/7.x
Mozilla Thunderbird
Yahoo! Mail
Hotmail/MSN mail
Gmail

A configuration file named after the executable, with a .cfg extension, is dropped in the folder the program runs from; for example, Mailpv.exe would drop Mailpv.cfg.

In the wild, we have observed HackTool:Win32/Mailpassview being used by Trojan:Win32/Nedsym in order to steal passwords from affected users.

Analysis by Michael Johnson

Last update 15 February 2019

 
