
PWS:Win32/Pemsepos.A


First posted on 27 March 2009.
Source: SecurityHome

Aliases :

PWS:Win32/Pemsepos.A is also known as Troj/LdPinch-SB (Sophos), Win32/PSW.Agent.NKU (ESET), Win32/LdPinch.UC (CA), Trojan-PSW.Win32.Agent.mhw (Kaspersky), Trojan.PWS.Agent.HLVV (VirusBuster), Infostealer (Symantec).

Explanation :

PWS:Win32/Pemsepos.A is a DLL file that is usually dropped and installed by other threats as a Winsock namespace service provider.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

PWS:Win32/Pemsepos.A may arrive in the system as a file with the following name format:

<system folder>\lsp<random 3 letters>.dll

Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32.

When executed, it gathers passwords stored by the following applications, if installed:

Direct FTP
CuteFTP
Far Manager
Filezilla
FlashFXP
Outlook
IncrediMail
SmartFTP
Ipswitch WS_FTP
Total Commander
Windows Commander

It then sends the gathered data to a remote server using HTTP POST.
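
A triage check for the file name format described above, as an added example that is not part of the original write-up: it flags entries of a file inventory that sit directly in the system folder and are named lsp plus exactly three letters. The function names, the default folder set and the sample inventory are assumptions constructed for illustration, and a name match is only a lead for closer inspection of the file.

```python
import re
from pathlib import PureWindowsPath

# Default system folders named in the write-up (Windows 2000/NT, XP/Vista).
# The real location is variable, so callers can pass their own set.
DEFAULT_SYSTEM_DIRS = frozenset({r"c:\winnt\system32", r"c:\windows\system32"})

# "lsp" + exactly three letters + ".dll"; Windows file names are case-insensitive.
NAME_RE = re.compile(r"lsp[a-z]{3}\.dll", re.IGNORECASE)


def matches_name_format(path, system_dirs=DEFAULT_SYSTEM_DIRS):
    """True if path sits directly in a system folder and fits the name format."""
    p = PureWindowsPath(path.strip())
    in_system_dir = str(p.parent).lower() in system_dirs
    return in_system_dir and NAME_RE.fullmatch(p.name) is not None


def triage(inventory, system_dirs=DEFAULT_SYSTEM_DIRS):
    """Return the inventory entries worth a closer look, in input order."""
    return [p for p in inventory if matches_name_format(p, system_dirs)]


# Constructed sample inventory (not taken from any real host).
SAMPLE_INVENTORY = [
    r"C:\Windows\System32\lspqzx.dll",           # fits the format
    r"C:\WINNT\system32\LSPABC.DLL",             # fits, different case
    "C:/Windows/System32/lspkdw.dll",            # fits, forward slashes
    r"C:\Windows\System32\lsp12a.dll",           # digits, not three letters
    r"C:\Windows\System32\lspabcd.dll",          # four letters
    r"C:\Windows\System32\drivers\lspabc.dll",   # not directly in the folder
    r"C:\Users\alice\Downloads\lspabc.dll",      # outside the system folder
    r"C:\Windows\System32\ws2_32.dll",           # unrelated name
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_INVENTORY):
        print("review:", hit)
```
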

Analysis by Marian Radu

Last update 27 March 2009

 
