Analyzed by: Rika Joi Gregorio

Aliases: MonitoringTool:Win32/SnoopIt, MonitoringTool:Win32/ThePCDetective, Backdoor:Win32/Pasur!rts (Microsoft), Win32/Monitor.SniperSpy application, Win32/PCDetective.C application, Win32/Optix.Pro.13 trojan (Eset)

Platform:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)


  • Grayware type:
    Spyware

  • Destructive:
    No

  • Encryption:
     

  • In the wild:
    Yes


  Technical details

File size: 2,239,559 bytes
File type: EXE
Memory resident: No
Initial samples received on: 07 April 2011

Installation

Drops the following component files:

  • %Program Files%\Retina-X Studios\AceSpy\contlist.ndx
  • %Program Files%\Retina-X Studios\AceSpy\keylist.ndx
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\acecache\_ace03202013.log
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\appcache\_app03202013.log
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\eventcache\_event03202013.log
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\keycache\key20130320055357.log
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\keycache\KeyLog03202013.log
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\scrcache\scr03202013055355.jpg
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\scrcache\scrlog03202013.log
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\wincache\app03202013.log
  • %Program Files%\Retina-X Studios\AceSpy\urlfname.ndx
  • %Program Files%\Retina-X Studios\AceSpy\userlist.ndx
  • %Program Files%\Retina-X Studios\AceSpy\winlist.ndx

(Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)

Creates the following folders:

  • {All User's Profile}\Start Menu\Programs\AceSpy
  • %Program Files%\Retina-X Studios
  • %Program Files%\Retina-X Studios\AceSpy
  • %Program Files%\Retina-X Studios\AceSpy\LOGS
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\acecache
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\appcache
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\clipcache
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\emailcache
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\eventcache
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\iecache
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\keycache
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\msgcache
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\prncache
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\recentcache
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\scrcache
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\taskcache
  • %Program Files%\Retina-X Studios\AceSpy\LOGS\wincache

(Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)

Other system modifications

Adds the following registry keys:

HKEY_CURRENT_USER\Software\VnSI4H Softwares

HKEY_CURRENT_USER\Software\VnSI4H Softwares\StealthAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\RXS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv

Adds the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\RXS
thePassword = "{password}"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv
ImagePath = "\??\%User Temp%\mc2B.tmp"