WinPass

WinPass is a program that captures and logs keystrokes on the computer without the user's knowledge and consent. The logged data may be encrypted and is typically sent to a remote attacker. The key logger is usually hidden from the user and may use cloaking (rootkit) technology to hide from other software in order to evade detection by anti-malware applications. Key loggers may be installed by trojans with other malicious software through exploits, and are often used by online criminal gangs to facilitate identity theft and bank fraud operations.

General information:

Malware Name: WinPass
Malware Type: Key Logger
Company Name: iQuesoft-Online
Company URL: http://www.iquesoft-online.com
Threat Level: Elevated Risk
Operating System: WIN XP
Installation Type: Installed through EXE
Operation: After installation.

Company Description:

iQuesoft-Online provides personal and security software. One of its products is WinPass. WinPass makes it easy to retrieve the information you need quickly while maintaining strong security. Unlike most password management programs, WinPass operates locally on your PC and not on the Internet. The program can be used by more than one user on the same PC and keeps independent user settings when Windows logon accounts are used.

Characteristics/Symptoms:

-> Monitors and captures data from computers
-> Runs in stealth mode
-> Intercepts keystrokes from the keyboard and records them in a log
-> Starts with the operating system

Processes Running:

WinPass.exe

File information Created after Installation:

File Location | Size (Bytes) | Type
C:\Documents and Settings\All Users\Desktop\WinPass.lnk | 1462 | Shortcut
C:\Documents and Settings\All Users\Start Menu\Programs\WinPass - Password Management\WinPass Help Documentation.lnk | 559 | Shortcut
C:\Program Files\WinPass\WinPass.exe | 516096 | Application

Folder information Created after Installation:

Folder Location
C:\Program Files\WinPass

Registry information Created after Installation:

Main Registry Key | Sub Registry Key | Key Value Name
HKEY_LOCAL_MACHINE | \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C3E94B4-D9E7-4C56-9496-68254A07D808} | VersionMajor
HKEY_LOCAL_MACHINE | \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C3E94B4-D9E7-4C56-9496-68254A07D808} | VersionMinor
HKEY_LOCAL_MACHINE | \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C3E94B4-D9E7-4C56-9496-68254A07D808} | WindowsInstaller