Win32/Spy.KeyLogger [Threat Name]

Win32/Spy.KeyLogger.OMW [Threat Variant Name]

Category: trojan
Size: 176180 B
Detection created: Jun 18, 2014
Detection database version: 10352
Aliases:

  • Trojan.Win32.Agent.ahvju (Kaspersky)
  • Trojan:Win32/Sisproc!gmb (Microsoft)
  • Infostealer.Donx (Symantec)

Short description

Win32/Spy.KeyLogger.OMW is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan copies itself into the following location:

  • %startup%\waho.exe

This causes the trojan to be executed on every system start.

Information stealing

The trojan collects the following information:

  • logged keystrokes
  • data from the clipboard

The collected information is stored in the following file:

  • %temp%\h2.html

The trojan attempts to send gathered information to a remote machine.

The trojan contains a URL address and uses the HTTP protocol for communication.

Other information

The trojan keeps various information in the following Registry keys:

  • [HKEY_CURRENT_USER\VB and VBA Program Settings\%startup%\Timesy]
  • [HKEY_CURRENT_USER\VB and VBA Program Settings\%startup%\Settimes]
  • [HKEY_CURRENT_USER\VB and VBA Program Settings\%startup%\babag]
  • [HKEY_CURRENT_USER\VB and VBA Program Settings\%startup%\logs]
  • [HKEY_CURRENT_USER\VB and VBA Program Settings\%startup%\mark]
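
A triage check for the artifacts listed above, as an added example that is not part of the original description or any vendor tooling. It inspects only the profile of the user running it. Assumptions: the %startup% component of the Registry keys is treated as a placeholder for an application name, so the listed section names are matched under any application key, and HKCU:\Software\VB and VBA Program Settings (where Visual Basic's SaveSetting normally writes) is checked in addition to the path as printed on this page.

```powershell
# Added example: look for the file and Registry artifacts listed on this page
# in the current user's profile. Read-only; nothing is modified or deleted.
$findings = @()

# Persistence copy: %startup%\waho.exe (the page lists the sample size as 176180 B)
$exe = Join-Path ([Environment]::GetFolderPath('Startup')) 'waho.exe'
if (Test-Path -LiteralPath $exe) {
    $item = Get-Item -LiteralPath $exe -Force
    $findings += [pscustomobject]@{
        Type   = 'File'
        Path   = $exe
        Detail = "Length=$($item.Length); equals listed size: $($item.Length -eq 176180)"
    }
}

# Keystroke/clipboard log: %temp%\h2.html
$log = Join-Path $env:TEMP 'h2.html'
if (Test-Path -LiteralPath $log) {
    $item = Get-Item -LiteralPath $log -Force
    $findings += [pscustomobject]@{
        Type   = 'File'
        Path   = $log
        Detail = "LastWriteTime=$($item.LastWriteTime)"
    }
}

# Registry sections named on the page, matched under any application key.
$sections = 'Timesy', 'Settimes', 'babag', 'logs', 'mark'
$roots = 'HKCU:\VB and VBA Program Settings',            # path as printed on the page
         'HKCU:\Software\VB and VBA Program Settings'    # assumption: usual SaveSetting root
foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($app in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        Get-ChildItem -LiteralPath $app.PSPath -ErrorAction SilentlyContinue |
            Where-Object { $sections -contains $_.PSChildName } |
            ForEach-Object {
                $findings += [pscustomobject]@{
                    Type   = 'Registry'
                    Path   = $_.Name
                    Detail = "section under application key '$($app.PSChildName)'"
                }
            }
    }
}

if ($findings) { $findings | Format-List }
else { 'None of the listed artifacts were found for this user.' }
```

The section names are short and generic, so a Registry match on its own should be weighed together with the file findings.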
