.: GWGhost 2.5 A5 with Dropper :.
Released 20 years, 4 months ago. Feb 2002
By Machine_GW
Additional Details
- From: China
- Coded by: Machine_GW
- Version: GWGhost 2.5 A5 with Dropper
- Released date: Feb 2002, 20 years, 4 months ago.
- Family: GWGhost
- Category: Information Stealer
MegaSecurity Notes
SetGhost (239.360 bytes) drops the following files:
- c:\WINDOWS\SYSTEM\Config
- c:\WINDOWS\SYSTEM\DXInput.dll
- c:\WINDOWS\SYSTEM\gwghost.exe
- c:\WINDOWS\SYSTEM\SCANREGW.EXE
- c:\WINDOWS\SYSTEM\SetGhost.exe (185.344 bytes)

startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry"
Old data: C:\WINDOWS\scanregw.exe /autorun
New data: C:\WINDOWS\SYSTEM\SCANREGW.EXE /autorun

Server: c:\WINDOWS\SYSTEM\scanregw.exe
size: 35.584 bytes
startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry"
Old data: C:\WINDOWS\scanregw.exe /autorun
New data: C:\WINDOWS\SYSTEM\SCANREGW.EXE /autorun
added: c:\WINDOWS\SYSTEM\DXInput.dll