Win32/Puvespia [Threat Name]

Win32/Puvespia.A [Threat Variant Name]

Category: trojan
Size: 65888 B
Detection created: Jul 01, 2014
Detection database version: 10029
Aliases:
  Trojan-Banker.Win32.ChePro.mby (Kaspersky)
  RDN/PWS-Banker!dg.trojan (McAfee)
  Lebros.VL.trojan (AVG)

Short description

Win32/Puvespia.A is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine. The file is run-time compressed using UPX.

Installation

The trojan is probably a part of other malware.


The trojan creates the following file:

  • %temp%\vup.exe (105472 B, Win32/Puvespia.A)

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "vup" = "%temp%\vup.exe"

Information stealing

The trojan collects the following information:

  • screenshots

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of 4 URLs. The HTTP protocol is used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files

The trojan keeps various information in the following Registry key:

  • [HKEY_CURRENT_USER\Software\VUP]
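
A read-only PowerShell check for the host indicators listed on this page: the Run value "vup", the Software\VUP key and %temp%\vup.exe. This is an added example, not part of the original description or any vendor tooling; the function name Test-PuvespiaIndicators is hypothetical, and matching on Run data that ends in \vup.exe is an assumption about how the value is stored.

```powershell
# Added example, not vendor code. Read-only: it reports findings and changes nothing.
function Test-PuvespiaIndicators {
    [CmdletBinding()]
    param()

    # The Run value and the VUP key are per-user (HKCU), so check every loaded
    # user hive. Elevation is needed to read the hives of other logged-on users.
    $sids = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' } |
        ForEach-Object { $_.PSChildName }

    foreach ($sid in $sids) {
        $root    = "Registry::HKEY_USERS\$sid\Software"
        $runPath = "$root\Microsoft\Windows\CurrentVersion\Run"
        $runKey  = Get-Item -Path $runPath -ErrorAction SilentlyContinue

        # Read the raw data so a literal "%temp%\vup.exe" is shown unexpanded.
        $runData = $null
        if ($runKey) {
            $opt     = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
            $runData = $runKey.GetValue('vup', $null, $opt)
        }
        [pscustomobject]@{
            Indicator = 'Run value "vup"'
            Location  = $runPath
            Match     = [bool]($runData -match '\\vup\.exe"?\s*$')   # assumed data form
            Detail    = $runData
        }
        [pscustomobject]@{
            Indicator = 'Key Software\VUP'
            Location  = "$root\VUP"
            Match     = Test-Path -Path "$root\VUP"
            Detail    = $null
        }
    }

    # The dropped file is looked up in the temp directory of the user running the check.
    $file   = Join-Path -Path $env:TEMP -ChildPath 'vup.exe'
    $exists = Test-Path -LiteralPath $file -PathType Leaf
    $detail = $null
    if ($exists) {
        $len    = (Get-Item -LiteralPath $file -Force).Length
        $detail = "Length=$len B (this page lists 105472 B)"
    }
    [pscustomobject]@{ Indicator = 'File vup.exe'; Location = $file; Match = $exists; Detail = $detail }
}

Test-PuvespiaIndicators | Format-List
```

A match on any single row is a lead for triage rather than a verdict, since the file and value names are short and could be used by unrelated software.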
