PWS:Win32/Reveton.B
PWS:Win32/Reveton.B is a password-stealing Trojan that is a component of the Reveton ransomware. It uses exploit kits such as Blacole as an infection vector. Once an exploit kit installs PWS:Win32/Reveton.B on a targeted computer system, the ransomware starts contacting its command and control (C&C) server.

From the C&C server, PWS:Win32/Reveton.B downloads information about the system's external IP address, for example the Internet provider, city, and country. It also downloads a DLL that creates the lock screen. The downloaded information is compressed and stored in a container at %APPDATA%\[RANDOM NAME].pad so that it is available offline. PWS:Win32/Reveton.B has its own portable executable (PE) loader, so it can load the DLL directly from the container. It then locks the infected computer, shows a fake warning message, and asks the victim to pay a so-called fine to restore access to the PC.

PWS:Win32/Reveton.B also downloads the password-stealer component from the C&C server and executes it in memory. It can steal passwords for a comprehensive selection of file downloaders, remote control applications, FTP, poker, chat, and e-mail clients, as well as passwords stored by web browsers and in protected storage. However, because PWS:Win32/Reveton.B can load almost any DLL served by the C&C on the fly, this behavior might change.
File System Details
Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.

# | File Name | Detections |
---|---|---|
1. | %APPDATA%\[RANDOM NAME].pad | |
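
A triage check for the file indicator above, added here as an example and not taken from the original page or from any vendor tool: it lists `*.pad` files sitting directly in a roaming profile directory and flags those whose byte entropy is consistent with the compressed container the description mentions. The function names and the 7.0 bits-per-byte threshold are assumptions, and since other software also uses the `.pad` extension, a hit is a lead for review rather than a verdict.

```python
import hashlib
import math
import os
from collections import Counter
from pathlib import Path

# Assumption: compressed content usually measures above 7 bits per byte.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for compressed or encrypted content."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def find_pad_candidates(roaming_dir):
    """Return one record per *.pad file located directly in roaming_dir."""
    results = []
    for path in sorted(Path(roaming_dir).glob("*.pad")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        entropy = shannon_entropy(data)
        results.append({
            "path": str(path),
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "entropy": round(entropy, 2),
            "suspicious": entropy >= ENTROPY_THRESHOLD,
        })
    return results


if __name__ == "__main__":
    # %APPDATA% resolves to the current user's roaming profile on Windows.
    appdata = os.environ.get("APPDATA")
    if appdata:
        for hit in find_pad_candidates(appdata):
            flag = "REVIEW" if hit["suspicious"] else "low-entropy"
            print(f'{flag}\t{hit["entropy"]}\t{hit["size"]}\t{hit["sha256"]}\t{hit["path"]}')
```

To cover every profile on a host, call `find_pad_candidates` once per user's `AppData\Roaming` directory from an administrative session.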