Trojan-GameThief.Win32.Magania

Detect Date 10/05/2009
Class Trojan-GameThief
Platform Win32
Description

This Trojan belongs to the family of Trojans that steals passwords from online gaming user accounts. It is a Windows application (PE EXE file). The file is 126 464 bytes in size. It is packed using ASPack. The unpacked file is approximately 516 KB in size. It is written in C++.

Installation

Once launched, the Trojan copies its original body to the current user’s temporary files directory under the following name:

%Temp%\herss.exe

It assigns “Hidden”, “Read Only”, and “System” attributes to this file. In order to ensure that the Trojan is launched automatically each time the system is restarted, the Trojan registers its executable file in the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"="%Temp%\herss.exe"
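
The persistence described above can be checked during triage. The following is an added example, not part of the original description: it parses the text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and flags the `cdoosoft` / `herss.exe` entry, and it goes beyond this one sample by also flagging any autorun value whose target sits in a temporary directory. The sample output, user name and function names are constructed for illustration.

```python
import re

# Indicators taken from the description above.
IOC_VALUE_NAME = "cdoosoft"
IOC_FILE_NAME = "herss.exe"
# Win32 file attribute bits: Read Only, Hidden, System.
READONLY, HIDDEN, SYSTEM = 0x1, 0x2, 0x4

# One value line of `reg query` output: name, type, data separated by 4 spaces.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
TEMP_PATH = re.compile(r"%te?mp%|\\appdata\\local\\temp\\|\\local settings\\temp\\", re.I)
IOC_TARGET = re.compile(r"(?:^|\\)" + re.escape(IOC_FILE_NAME), re.I)

def triage_run_key(reg_query_output):
    """Return {value name: [reasons]} for suspicious autorun entries."""
    findings = {}
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m.group("name"), m.group("data")
        reasons = []
        if name.lower() == IOC_VALUE_NAME:
            reasons.append("value name matches the Magania autorun entry")
        if IOC_TARGET.search(data):
            reasons.append("target file name is " + IOC_FILE_NAME)
        if TEMP_PATH.search(data):
            reasons.append("autorun target lives in a temporary directory")
        if reasons:
            findings[name] = reasons
    return findings

def has_hiding_attributes(attrs):
    """True when Hidden, Read Only and System are all set on a file.
    On Windows, pass os.stat(path).st_file_attributes."""
    mask = READONLY | HIDDEN | SYSTEM
    return (attrs & mask) == mask

# Constructed sample of `reg query` output (not taken from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    cdoosoft    REG_SZ    C:\Users\alice\AppData\Local\Temp\herss.exe
    updater    REG_EXPAND_SZ    %TEMP%\upd.exe
"""

if __name__ == "__main__":
    for name, reasons in triage_run_key(SAMPLE).items():
        print(name, "->", "; ".join(reasons))
```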