WebMailSpy
General information:
Malware Name: | WebMailSpy
Malware Type: | Key Logger
Company Name: | ExploreAnywhere
Company URL: | http://www.exploreanywhere.com/
Threat Level: | Elevated Risk
Operating System: | WIN XP
Installation Type: | Installed through EXE
Operation: | Time of After Installation.
Company Description:
ExploreAnywhere Software, LLC is a privately held corporation located on the eastern seaboard of the United States in the small state of New Hampshire. Originally founded in Quarter 4 of 2001, ExploreAnywhere Software has grown from a small software
company to a highly recognizable company specializing in computer monitoring software for parents, corporations, and educational facilities. ExploreAnywhere Software filed for its incorporation within just four months of its founding and continues
to grow and expand to this day thanks to its customers. Its computer monitoring and surveillance software has been professionally critiqued and publicized by many of the most prestigious news agencies in the world.
Spyware Description:
It keeps a record of every outgoing and incoming mail and their passwords. It runs on the victim's computer in hidden stealth mode. It also includes elevated threats that are typically installed without adequate notice and consent, and may make
unwanted changes to the system, such as reconfiguring the browser's homepage and search settings. These threats may install advertising-related add-ons, including toolbars and search bars, or insert advertising-related components into the Winsock
Layered Service Provider chain. These new add-ons and components may block or redirect preferred network connections, and can negatively impact the computer's performance and stability. Elevated threats may also collect, transmit, and share potentially
sensitive data without adequate notice and consent.
Characteristics/Symptoms:
-> Monitors and captures data from computers
-> Runs in stealth mode
-> Intercepts keystrokes from the keyboard and records them in a log
-> Starts with the operating system
Processes Running:
wmsmod32.exe
File information Created after Installation:
File Location | Size (Bytes) | Type
C:\Program Files\ExploreAnywhere\WebMail Spy\database.dat | 7608 | DAT File
C:\Program Files\ExploreAnywhere\WebMail Spy\eula.txt | 9302 | Text Document
C:\Program Files\ExploreAnywhere\WebMail Spy\wmsmod32.exe | 437760 | Application
Folder information Created after Installation:
Folder Location
C:\Program Files\ExploreAnywhere
C:\Program Files\ExploreAnywhere\WebMail Spy
Registry information Created after Installation:
Main Registry Key | Sub Registry Key | Key Value Name
HKEY_LOCAL_MACHINE | \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebMail Spy | DisplayName
HKEY_LOCAL_MACHINE | \SOFTWARE\ExploreA\WMS | site_url
HKEY_LOCAL_MACHINE | \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebMail Spy | UninstallString