Win32/PSW.Sycomp [Threat Name]

Win32/PSW.Sycomp.AO [Threat Variant Name]

Category trojan
Size 98688 B
Detection created Jun 25, 2014
Detection database version 9998
Aliases Trojan.Win32.Agent.zkqy (Kaspersky)
  TrojanSpy:Win32/Sycomder.B (Microsoft)
  Trojan.MulDrop5.33827 (Dr.Web)
Short description

Win32/PSW.Sycomp.AO is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan creates the following folder:

  • %appdata%\svghanx\

The trojan copies itself to the following location:

  • %appdata%\svghanx\shchss.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "frbrbt7"="%appdata%\svghanx\shchss.exe"

Information stealing

Win32/PSW.Sycomp.AO is a trojan that steals sensitive information.


The trojan is able to log keystrokes.


The collected information is stored in the following file:

  • %appdata%\svghanx\%variable%sys.dat

A string with variable content is used instead of %variable%.


The trojan attempts to send gathered information to a remote machine.


The trojan contains a list of FTP addresses (1 entry). The FTP protocol is used to send the data.

Other information

The trojan may create the following files:

  • %temp%\gh_nlef.bat
  • %temp%\frbrt7.bat
  • %temp%\frbrt7._eg
  • %temp%\f_ufiwst.bat
  • %temp%\f_ufiwst.reg
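
A read-only host check for the artifacts listed in this description, as an added example that is not part of the original write-up. The function name Find-SycompArtifacts is hypothetical, and the check must run as the user being examined because HKCU, %appdata% and %temp% are per-user.

```powershell
# Added example (not vendor code): look for the Win32/PSW.Sycomp.AO artifacts
# named on this page in the current user's profile. Nothing is modified.
function Find-SycompArtifacts {   # hypothetical helper name
    $hits = @()

    # Persistence: Run value "frbrbt7" -> %appdata%\svghanx\shchss.exe
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Match on either the value name or the target path, so a renamed
            # value or a moved copy still shows up. Comparisons ignore case.
            if ($name -eq 'frbrbt7' -or $data -like '*\svghanx\shchss.exe*') {
                $hits += [pscustomobject]@{ Type = 'RunValue'; Item = "$name = $data" }
            }
        }
    }

    # Install folder, the dropped copy, and the keystroke log (%variable%sys.dat)
    $dir = Join-Path $env:APPDATA 'svghanx'
    if (Test-Path -LiteralPath $dir) {
        $hits += [pscustomobject]@{ Type = 'Folder'; Item = $dir }
        # -Force includes hidden and system files
        $files = Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue
        foreach ($f in $files) {
            if ($f.Name -eq 'shchss.exe' -or $f.Name -like '*sys.dat') {
                $hits += [pscustomobject]@{ Type = 'File'; Item = $f.FullName }
            }
        }
    }

    # Helper files the trojan "may create"; their absence proves nothing
    $tempNames = 'gh_nlef.bat', 'frbrt7.bat', 'frbrt7._eg', 'f_ufiwst.bat', 'f_ufiwst.reg'
    foreach ($n in $tempNames) {
        $path = Join-Path $env:TEMP $n
        if (Test-Path -LiteralPath $path) {
            $hits += [pscustomobject]@{ Type = 'TempFile'; Item = $path }
        }
    }

    return $hits
}

Find-SycompArtifacts | Format-Table -AutoSize
```

An empty result covers only the profile the script ran under; repeat it for each user account on the host.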
