Home / malware

PDF

PWS:Win32/Delmes.A

First posted on 17 September 2010.
Source: SecurityHome

Aliases :

PWS:Win32/Delmes.A is also known as PSW.Banker5.BJCY (AVG), TR/Spy.Banker.AZ.4 (Avira), Win32/Spy.Banker.VAK (ESET), not-a-virus:PSWTool.Win32.MailPassView.hj (Kaspersky), Generic PWS.y!cug (McAfee), Sus/Delp-C (Sophos), Adware.Adtomi (Symantec).

Explanation :

PWS:Win32/Delmes.A is a trojan that gathers stored email account credentials and sends the captured data to a predefined email address.
Top

PWS:Win32/Delmes.A is a trojan that gathers stored email account credentials and sends the captured data to a predefined email address. InstallationThis trojan may be installed by other malware and may be present as the following:

%windir%\system32\lsass.cpl

Payload Captures and distributes email account details
PWS:Win32/Delmes.A collects stored email credentials from the following email client software and send the captured data to a predefined email address:

Outlook Express

Microsoft Outlook 2000/2002/2003/2007/2010

Windows Mail

Windows Live Mail

Mozilla Thunderbird

Eudora

Netscape

IncrediMail

Group Mail

PWS:Win32/Delmes.A also collects stored email credentials for the following web mail services if they are saved by various other software on the local drive, and sends the captured data to a predefined email address:

Hotmail

Gmail

Yahoo Mail

Analysis by Shawn Wang

Last update 17 September 2010

 

TOP