
PWS:Win32/Delmes.A


First posted on 17 September 2010.
Source: SecurityHome

Aliases:

PWS:Win32/Delmes.A is also known as PSW.Banker5.BJCY (AVG), TR/Spy.Banker.AZ.4 (Avira), Win32/Spy.Banker.VAK (ESET), not-a-virus:PSWTool.Win32.MailPassView.hj (Kaspersky), Generic PWS.y!cug (McAfee), Sus/Delp-C (Sophos), Adware.Adtomi (Symantec).

Explanation:

PWS:Win32/Delmes.A is a trojan that gathers stored email account credentials and sends the captured data to a predefined email address.

Installation

This trojan may be installed by other malware and may be present as the following:

  • %windir%\system32\lsass.cpl

Payload

Captures and distributes email account details

PWS:Win32/Delmes.A collects stored email credentials from the following email client software and sends the captured data to a predefined email address:

  • Outlook Express
  • Microsoft Outlook 2000/2002/2003/2007/2010
  • Windows Mail
  • Windows Live Mail
  • Mozilla Thunderbird
  • Eudora
  • Netscape
  • IncrediMail
  • Group Mail

PWS:Win32/Delmes.A also collects stored email credentials for the following web mail services if they are saved by various other software on the local drive, and sends the captured data to a predefined email address:

  • Hotmail
  • Gmail
  • Yahoo Mail
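
A defender-side check for the installation path listed above, as an added example that is not part of the original write-up: it normalises paths from file-creation events and flags the reported `lsass.cpl` location. The log format, the function names and the broader "lookalike" rule (any `lsass.*` in System32 other than `lsass.exe`) are assumptions that go beyond what the page states.

```python
import ntpath
import re

# Path reported on this page (environment variable left unexpanded).
REPORTED = r"%windir%\system32\lsass.cpl"

# Constructed sample events; the key=value log format is an assumption.
EVENTS = r"""
2010-09-17T10:02:11Z host=WS01 event=FileCreate path=C:\WINDOWS\System32\lsass.cpl
2010-09-17T10:02:15Z host=WS02 event=FileCreate path=C:\Windows\Temp\..\system32\LSASS.CPL
2010-09-17T10:03:40Z host=WS03 event=FileCreate path=C:\Windows\System32\lsass.exe
2010-09-17T10:04:02Z host=WS04 event=FileCreate path=C:\Windows\System32\lsass.scr
2010-09-17T10:05:19Z host=WS05 event=FileCreate path=C:\Users\amy\Documents\lsass.cpl
"""

def normalize(path, windir=r"C:\Windows"):
    """Lower-case, expand %windir%/%systemroot%, resolve '..' and mixed slashes."""
    p = path.strip().strip('"').replace("/", "\\").lower()
    for var in ("%windir%", "%systemroot%"):
        p = p.replace(var, windir.lower())
    return ntpath.normpath(p)

def classify(path, windir=r"C:\Windows"):
    """Return 'exact' for the reported path, 'lookalike' for other lsass.* in System32."""
    p = normalize(path, windir)
    if p == normalize(REPORTED, windir):
        return "exact"
    folder, name = ntpath.split(p)
    stem, ext = ntpath.splitext(name)
    # Assumption beyond the page: lsass.exe is the only lsass.* expected in System32.
    if folder == normalize(r"%windir%\system32", windir) and stem == "lsass" and ext != ".exe":
        return "lookalike"
    return None

def scan(log_text):
    """Return (host, verdict, raw_path) for every event whose path is flagged."""
    hits = []
    for line in log_text.splitlines():
        m = re.search(r"host=(\S+) .*?path=(.+)$", line)
        if m and (verdict := classify(m.group(2))):
            hits.append((m.group(1), verdict, m.group(2)))
    return hits

if __name__ == "__main__":
    for host, verdict, path in scan(EVENTS):
        print(f"{host}: {verdict:9} {path}")
```
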


Analysis by Shawn Wang

Last update 17 September 2010