.: GWGhost 2.5 A5 with Dropper :.

Additional Details

• From: China
• Coded by: Machine_GW
• Version: GWGhost 2.5 A5 with Dropper
• Released date: Feb 2002, 20 years, 4 months ago.
• Family: GWGhost
• Category: Information Stealer

MegaSecurity Notes

SetGhost (239.360 bytes) does drop the followingfiles:
c:\WINDOWS\SYSTEM\Config 
c:\WINDOWS\SYSTEM\DXInput.dll 
c:\WINDOWS\SYSTEM\gwghost.exe 
c:\WINDOWS\SYSTEM\SCANREGW.EXE 
c:\WINDOWS\SYSTEM\SetGhost.exe (185.344 bytes)

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry" 
Old data: C:\WINDOWS\scanregw.exe /autorun 
New data: C:\WINDOWS\SYSTEM\SCANREGW.EXE /autorun 
 

Server:
c:\WINDOWS\SYSTEM\scanregw.exe 

size: 35.584 bytes

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry" 
Old data: C:\WINDOWS\scanregw.exe /autorun 
New data: C:\WINDOWS\SYSTEM\SCANREGW.EXE /autorun 

added:
c:\WINDOWS\SYSTEM\DXInput.dll