Win32/PSW.Dipwit [Threat Name]

Win32/PSW.Dipwit.O [Threat Variant Name]

Category: trojan
Size: 49664 B
Aliases:
  • Trojan-GameThief.Win32.OnLineGames.xcsr (Kaspersky)
  • PWS-Mmorpg!rb (McAfee)
  • Trojan:Win32/Pubavid.B (Microsoft)

Short description

Win32/PSW.Dipwit.O is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan drops one of the following files in the %webmoneyrootfolder% folder:

  • inetmib1.dll

After the installation is complete, the trojan deletes the original executable file.

Information stealing

The trojan collects information related to the following applications:

  • WebMoney Keeper Classic

The trojan collects the following information:

  • computer name
  • user name
  • hardware information

The trojan attempts to send gathered information to a remote machine.

The trojan contains a URL. The HTTP protocol is used.

Other information

The trojan hooks the following Windows APIs:

  • SysAllocString (oleaut32.dll)
  • CryptUnprotectData (crypt32.dll)
