Win32/FakeTC [Threat Name]
Detection created: 2015-06-17
Short description
Win32/FakeTC is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.
Installation
Win32/FakeTC can be found as a repackaged (often pirated) legitimate application.
The repackaged legitimate application is one of the following:
- TrueCrypt
The trojan does not create any copies of itself.
The following Registry entries are created:
- [HKEY_CURRENT_USER\Software\sngeudo]
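Because the key lives under HKEY_CURRENT_USER, checking only the current session's hive can miss other accounts on the same machine. The following PowerShell check is an added example, not part of the original description: it looks for the key in every user hive loaded under HKEY_USERS. The function name `Find-FakeTCRegistryKey` and the SID filter are assumptions made for this example.

```powershell
# Added example. Indicator taken from this page: HKEY_CURRENT_USER\Software\sngeudo
$SubKey = 'Software\sngeudo'

function Find-FakeTCRegistryKey {
    # HKEY_USERS holds one subkey per loaded user hive, named by SID.
    # Run elevated so that other users' hives are readable.
    # Hives of logged-off users (NTUSER.DAT on disk) are not loaded and are not covered.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        # Keep local/domain (S-1-5-21-...) and Azure AD (S-1-12-1-...) user SIDs;
        # this also skips the "<SID>_Classes" hives and service accounts.
        Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $path = "Registry::HKEY_USERS\$sid\$SubKey"
            if (Test-Path -LiteralPath $path) {
                # Resolve the SID to an account name; fall back to the SID itself.
                try {
                    $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
                    $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    $account = $sid
                }
                [pscustomobject]@{
                    Account = $account
                    Sid     = $sid
                    Key     = "HKEY_USERS\$sid\$SubKey"
                }
            }
        }
}

$hits = @(Find-FakeTCRegistryKey)
if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
} else {
    'Key not found in any loaded user hive.'
}
```

The description lists only the key itself, so a hit is an indicator to investigate rather than a confirmation of infection.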
Information stealing
The trojan collects the following information:
- computer name
- user name
- list of files/folders on a specific drive
- operating system version
- login passwords for certain applications/services
The trojan attempts to send gathered information to a remote machine.
Other information
Win32/FakeTC is a trojan that receives data and instructions for its operation from the Internet or a remote computer in a botnet.
The trojan contains a URL address. The HTTPS protocol is used in the communication.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- run executable files
- send the list of files on a specific drive to a remote computer
- upload files to a remote computer
- send gathered information