English 
WinSpy WinSpy
By
Domesticus in Remote Administration Tools |
123 views
Rate it: 
(No Ratings Yet)
Loading ...
(No Ratings Yet) Loading ...
WinSpy Description
WinSpy is a keylogger that allows its users to monitor multiple computers on a network, whether the PCs are online or offline. WinSpy observes and records user activity, monitors network connections, logs keystrokes, takes regular screenshots, captures online chat conversations and pictures from a webcam, records e-mail messages, passwords and web sites visited. WinSpy hides deeply in the system and is able to hide its running processes.
www.WinSpy.com
Type: Remote Administration Tools
Automatic Detection of WinSpy
WinSpy Technical Report
As new WinSpy details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following WinSpy files with its MD5s were created in the system:
| File Name | File Size | MD5 |
|---|
| WinSpyDemo.exe | 1294336 | d1a05bb22602b3a274765320b99b72ab |
WinSpy has typically the following processes in memory:
- winspy.exe
- csrss.ex_
- winvid703.exe
- idws.dll
- qual.dll
- smtt.dll
- winsys.exe
- idws.dll
- qual.dll
- smtt.dll
- win-spy eval setup.exe
- smt.exe
- wsdll.exe
- fso.dll
- keyn.dll
- serm.dll
- smt.exe
- fso.dll
- keyn.dll
- serm.dll
- WinSpyDemo.exe
- winsys.exe
- winsyst.exe
- uni3218.exe
- fld.dll
- keyf.dll
- sere.dll
- getthem.bat
- fld.dll
- keyf.dll
- sere.dll
- smt.exe
WinSpy created the following directories, files, paths:
- %ProgramFiles%\WinSpy Demo
WinSpy creates the following registry entries:
- Microsoft\Installer\Products\E810B04815519D541975B37E0E5EE945
- Microsoft\Installer\Features\E810B04815519D541975B37E0E5EE945
Important Article Disclaimer
This entry was posted
on 04/8/08 and is filed under Remote Administration Tools.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
