
TrojanSpy:Win32/Chymine.A


First posted on 27 July 2010.
Source: SecurityHome

Aliases :

There are no other names known for TrojanSpy:Win32/Chymine.A.

Explanation :

TrojanSpy:Win32/Chymine.A is the detection for malware dropped by Trojan:Win32/Chymine.A. It is capable of logging user keystrokes.

TrojanSpy:Win32/Chymine.A is keylogging malware dropped by Trojan:Win32/Chymine.A.

Installation

TrojanSpy:Win32/Chymine.A may be dropped and installed on the computer by Trojan:Win32/Chymine.A. It usually arrives as the following file:

  • %Temp%\..\<random file name>.dll (for example, "BB062E.dll")

It may register itself as a system service that is loaded by the legitimate Windows process "svchost.exe" by creating the following registry entries:

Adds value: "Display Name"
With data: "Iprip"
In subkey: HKLM\SYSTEM\CurrentControlSet\Services\Iprip

It may also inject code into other system processes, such as "winlogon.exe".

It also creates the following mutex:

  • FOkeFhPOrxTUHxUfAevRBteVjW!!

Payload

The .DLL component of TrojanSpy:Win32/Chymine.A is capable of performing the following malicious action:

  • Record keystrokes


Analysis by Francis Allan Tan Seng

Last update 27 July 2010

     
