TSPY_GINA.AR
PWS:Win32/GinaPass.A!dha (Microsoft); Trojan-PSW.Win32.GinaPass.c (Kaspersky); TrojanPSW.GinaPass (VBA32); Trojan-PWS.Win32.GinaPass.C (Ikarus); W32/GinaPass.C!tr.pws (Fortinet); TR/PSW.GinaPass.C.5 (Avira)
Windows
Threat Type: Spyware
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This spyware may arrive bundled with malware packages as a malware component. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It is a component of other malware.
It exports functions used by other malware. It requires its main component to successfully perform its intended routine.
TECHNICAL DETAILS
24,647 bytes
DLL
01 Oct 2012
Arrival Details
This spyware may arrive bundled with malware packages as a malware component.
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This spyware is a component of other malware.
Other Details
This spyware exports functions used by other malware.
It requires its main component to successfully perform its intended routine.
NOTES:
It requires the following registry entries to exist in order to run properly:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon GinaDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon NeedCtrlAltDel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon AllowProtectedSS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Logoff UserScript
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Logoff SystemScript
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Logoff LogFile
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Logoff Timeout
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shutdown Script
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shutdown LogFile
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shutdown Account
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shutdown Password
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shutdown Timeout
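
A defender can check a host for the Winlogon entries listed above and inspect whatever DLL the GinaDLL value points to. The following PowerShell audit is an added example, not vendor code. It assumes that the 24,647 bytes given under TECHNICAL DETAILS is the DLL's file size, that a bare file name in GinaDLL resolves from System32, and that msgina.dll (Microsoft's stock GINA on pre-Vista Windows) is the only expected name.

```powershell
# Added example: audit the Winlogon values listed on this page (read-only).
$base = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$reportedSize = 24647  # bytes, from TECHNICAL DETAILS; assumed to be the DLL's file size

# Value names exactly as listed on this page, grouped by subkey ('' = Winlogon itself).
$listed = [ordered]@{
    ''         = 'GinaDLL', 'NeedCtrlAltDel', 'AllowProtectedSS'
    'Logoff'   = 'UserScript', 'SystemScript', 'LogFile', 'Timeout'
    'Shutdown' = 'Script', 'LogFile', 'Account', 'Password', 'Timeout'
}

# Report which listed values exist. Data is not printed (one value is named Password).
$present = foreach ($sub in $listed.Keys) {
    $key = if ($sub) { "$base\$sub" } else { $base }
    foreach ($name in $listed[$sub]) {
        $p = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($p) { [pscustomobject]@{ Key = $key; Name = $name } }
    }
}
$present | Format-Table -AutoSize

# Inspect the DLL registered as the GINA, if any.
$gina = (Get-ItemProperty -Path $base -Name GinaDLL -ErrorAction SilentlyContinue).GinaDLL
if (-not $gina) {
    'GinaDLL is not set: no replacement GINA is registered.'
} else {
    $value = [Environment]::ExpandEnvironmentVariables($gina)
    # Assumption: a bare file name is loaded from System32.
    $path = if ([IO.Path]::IsPathRooted($value)) { $value }
            else { Join-Path $env:SystemRoot "System32\$value" }
    $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        GinaDLL             = $gina
        ResolvedPath        = $path
        IsMsgina            = ([IO.Path]::GetFileName($value) -ieq 'msgina.dll')
        Length              = if ($file) { $file.Length } else { $null }
        MatchesReportedSize = ($file -and $file.Length -eq $reportedSize)
        Signature           = if ($file) { (Get-AuthenticodeSignature -FilePath $path).Status }
                              else { 'file not found' }
    } | Format-List
}
```

A GinaDLL value naming anything other than msgina.dll is worth triage on its own; a size match against the figure on this page only raises priority and is not proof of identity.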