HKTL_WPAKILL.GB
HackTool:Win32/Wpakill.C (Microsoft); Crack-WindowsWGA.b (McAfee); HackTool.Win32.WinCred.b (Kaspersky)
Windows
Threat Type: Hacking Tool
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user.
TECHNICAL DETAILS
Arrival Details
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It may be manually installed by a user.
Installation
This Hacking Tool drops the following files:
- %User Temp%\chew-wga.log
- %User Temp%\ir_ext_temp_0\AutoPlay\Audio\Click1.ogg
- %User Temp%\ir_ext_temp_0\AutoPlay\Audio\High1.ogg
- %User Temp%\ir_ext_temp_0\AutoPlay\Audio\Shekere.ogg
- %User Temp%\ir_ext_temp_0\AutoPlay\autorun.cdd
- %User Temp%\ir_ext_temp_0\AutoPlay\Buttons\Baslat.Btn
- %User Temp%\ir_ext_temp_0\AutoPlay\Buttons\button.btn
- %User Temp%\ir_ext_temp_0\AutoPlay\Buttons\Cik11.Btn
- %User Temp%\ir_ext_temp_0\AutoPlay\Buttons\Cik-2.Btn
- %User Temp%\ir_ext_temp_0\AutoPlay\Buttons\Home2.Btn
- %User Temp%\ir_ext_temp_0\AutoPlay\Buttons\Sol-4.Btn
- %User Temp%\ir_ext_temp_0\AutoPlay\Icons\mainicon.ico
- %User Temp%\ir_ext_temp_0\AutoPlay\Images\credits-screen.jpg
- %User Temp%\ir_ext_temp_0\AutoPlay\Images\done-install.jpg
- %User Temp%\ir_ext_temp_0\AutoPlay\Images\done-uninstall.jpg
- %User Temp%\ir_ext_temp_0\AutoPlay\Images\genuine-chew.jpg
- %User Temp%\ir_ext_temp_0\AutoPlay\Images\install-error.jpg
- %User Temp%\ir_ext_temp_0\AutoPlay\Images\main-screen.jpg
- %User Temp%\ir_ext_temp_0\AutoPlay\Images\uninstall-error.jpg
- %User Temp%\ir_ext_temp_0\AutoPlay\Images\wait-install.jpg
- %User Temp%\ir_ext_temp_0\AutoPlay\Images\wait-uninstall.jpg
- %User Temp%\ir_ext_temp_0\AutoPlay\Images\win7-logo.jpg
- %User Temp%\ir_ext_temp_0\AutoPlay\Images\Win7VistaLogo.png
- %User Temp%\ir_ext_temp_0\AutoPlay\Plugins\IRDissolveTransition.tns
- %User Temp%\ir_ext_temp_0\AutoPlay\Scripts\chew.enc
- %User Temp%\ir_ext_temp_0\autorun.exe
- %User Temp%\ir_ext_temp_0\autorun.exe.mbxcfg
- %User Temp%\ir_ext_temp_0\mainicon.ico
- %User Temp%\_ir_tmpfnt_1\Arial_1.TFT
- %User Temp%\_ir_tmpfnt_1\Trajan Pro.TFT
- %User Temp%\_ir_tmpfnt_1\Calibri_1.TFT
(Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.)
Other Details
This Hacking Tool does the following:
- This hacking tool bypasses the genuine check of Microsoft's Windows Genuine Advantage to allow using of pirated versions of Windows.