Win32/Spy.Matles [Threat Name] go to Threat

Win32/Spy.Matles.C [Threat Variant Name]

Category trojan
Size 53248 B
Detection created Feb 09, 2015
Detection database version 11150
Aliases Worm.Win32.AutoRun.mqi (Kaspersky)
  Worm:Win32/Autorun.XFR (Microsoft)
  Trojan.Keylog.594 (Dr.Web)
Short description

Win32/Spy.Matles.C is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan copies itself into the following location:

  • %system%\­malwarefilename%.exe

The file is then executed.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "win32" = %system%\­malwarefilename%.exe"
Information stealing

Win32/Spy.Matles.C is a trojan that steals sensitive information.


The trojan is able to log keystrokes.


The collected information is stored in the following file:

  • %system%\­win.txt

The following information is collected:

  • computer IP address
  • computer name

The trojan attempts to send gathered information to a remote machine.


The trojan sends the information via e-mail. The SMTP protocol is used.

Please enable Javascript to ensure correct displaying of this content and refresh this page.