TrojanSpy:Win32/Chymine.A
First posted on 27 July 2010.
Source: SecurityHome
Aliases :
There are no other names known for TrojanSpy:Win32/Chymine.A.
Explanation :
TrojanSpy:Win32/Chymine.A is the detection for malware dropped by Trojan:Win32/Chymine.A. It is capable of logging user keystrokes.
TrojanSpy:Win32/Chymine.A is a keylogging malware dropped by Trojan:Win32/Chymine.A.

Installation

TrojanSpy:Win32/Chymine.A may be dropped and installed in the computer by Trojan:Win32/Chymine.A. It usually arrives as the following file:

%Temp%\..\<random file name>.dll (for example, "BB062E.dll")

It may register itself as a system service that is loaded by the legitimate Windows process "svchost.exe" by creating the following registry entries:

Adds value: "Display Name"
With data: "Iprip"
In subkey: HKLM\SYSTEM\CurrentControlSet\Services\Iprip

It may also inject code into other system processes, such as "winlogon.exe". It also creates the following mutex:

FOkeFhPOrxTUHxUfAevRBteVjW!!

Payload

The .DLL component of TrojanSpy:Win32/Chymine.A is capable of performing the following malicious action:

Record keystrokes
Analysis by Francis Allan Tan Seng
Last update 27 July 2010
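
A host triage check for the three artifacts listed above (service registry value, mutex, DLL beside %Temp%), as an added example that is not part of the original analysis. The function names are hypothetical, and probing the "Global\" mutex namespace in addition to the bare name is an assumption, since the description does not say which namespace the mutex is created in.

```powershell
# Indicators copied from the description above.
$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Iprip'
$ValueName  = 'Display Name'      # value name exactly as written in the description
$ValueData  = 'Iprip'
$MutexName  = 'FOkeFhPOrxTUHxUfAevRBteVjW!!'

function Test-ChymineServiceValue {
    # True when the service subkey holds the value/data pair from the description.
    $item = Get-ItemProperty -LiteralPath $ServiceKey -Name $ValueName -ErrorAction SilentlyContinue
    return ($null -ne $item) -and ($item.$ValueName -eq $ValueData)
}

function Test-ChymineMutex {
    # Assumption: try both the session-local name and the Global\ namespace.
    foreach ($name in $MutexName, "Global\$MutexName") {
        try {
            $handle = [System.Threading.Mutex]::OpenExisting($name)
            $handle.Close()
            return $true
        } catch [System.Threading.WaitHandleCannotBeOpenedException] {
            # No mutex with this name; try the next candidate.
        } catch [System.UnauthorizedAccessException] {
            return $true          # the mutex exists but its ACL denies this account
        }
    }
    return $false
}

function Get-ChymineCandidateDll {
    # The file name is random, so list every DLL sitting directly in the
    # parent folder of %Temp% for manual review instead of matching a name.
    $dir = Split-Path -Path $env:TEMP -Parent
    Get-ChildItem -LiteralPath $dir -Filter '*.dll' -File -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, CreationTimeUtc
}

# Summarise the three checks for the current account on this host.
[pscustomobject]@{
    ServiceValue = Test-ChymineServiceValue
    Mutex        = Test-ChymineMutex
    CandidateDll = @(Get-ChymineCandidateDll)
}
```

%Temp% resolves per account, so the DLL listing covers only the profile the script runs under; treat any hit as a lead to examine rather than a confirmed detection.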