Win32/Spy.Swisyn [Threat Name] go to Threat

Win32/Spy.Swisyn.AI [Threat Variant Name]

Category trojan
Size 1477678 B
Detection created Mar 24, 2010
Detection database version 4971
Aliases Trojan-Spy.Win32.KeyLogger.dzk (Kaspersky)
  Generic.Dropper.pd (McAfee)
  Trojan:Win32/Orsam!rts (Microsoft)
Short description

Win32/Spy.Swisyn.AI is a trojan that steals sensitive information. The trojan can send the information to a remote machine.


When executed, the trojan creates the following files:

  • %appdata%\­rundll.exe (427008 B, Win32/Spy.Swisyn.AI)
  • %appdata%\­nt.dll (512000 B, Win32/Spy.Swisyn.AI)

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "Rundll32" = "%appdata%\­rundll.exe"
Information stealing

The trojan collects the following information:

  • user name
  • computer name

The trojan is able to log keystrokes.

The collected information is stored in the following file:

  • %appdata%\­drivers.log

The trojan attempts to send gathered information to a remote machine.

The trojan contains a list of (1) URLs. The HTTP protocol is used.

Other information

The trojan quits immediately if it detects a running process containing one of the following strings in its name:

  • avp.exe

The trojan creates the following files:

  • run.bat

Please enable Javascript to ensure correct displaying of this content and refresh this page.