WinPass
WinPass is a program that captures and logs keystrokes on the computer without the user's knowledge and consent. The logged data may be encrypted and is typically sent to a remote attacker. The key logger is usually hidden from the user and may
use cloaking (rootkit) technology to hide from other software in order to evade detection by anti-malware applications. Key loggers may be installed by trojans with other malicious software through exploits, and are often used by online criminal
gangs to facilitate identity theft and bank fraud operations.0
General information:
| Malware Name: |
WinPass |
| Malware Type: |
Key Logger |
| Company Name: |
iQuesoft-Online |
| Company URL: |
http://www.iquesoft-online.com
|
| Threat Level: |
Elevated Risk |
| Operating System: |
WIN XP |
| Installation Type: |
Installed through EXE |
| Operation: |
Time of After Installation. |
Company Description:
iQuesoft-Online provides Personal and security software. One of its software is WinPass. WinPass makes it easy to retrieve the information you need quickly while maintaining strong security. Unlike most password management programs, WinPass operates
locally on your PC and not on the Internet. The program can be used by more than one user on the same PC and keeps independent user settings when Windows logon accounts are used.
Spyware Description:
WinPass is a program that captures and logs keystrokes on the computer without the user's knowledge and consent. The logged data may be encrypted and is typically sent to a remote attacker. The key logger is usually hidden from the user and may
use cloaking (rootkit) technology to hide from other software in order to evade detection by anti-malware applications. Key loggers may be installed by trojans with other malicious software through exploits, and are often used by online criminal gangs
to facilitate identity theft and bank fraud operations.0
Characteristics/Symptoms:
-> Monitor and capture data from computers -> Run in stealth mode -> Intercepts keystrokes from the keyboard and records them in a log -> Starts with the operating system0
Additional information might be found here:
Processes Running:
WinPass.exe
File information Created after Installation:
| File Location |
Size (Bytes) |
Type |
| C:\Documents and Settings\All Users\Desktop\WinPass.lnk |
1462 |
Shortcut |
| C:\Documents and Settings\All Users\Start Menu\Programs\WinPass - Password Management\WinPass Help Documentation.lnk |
559 |
Shortcut |
| C:\Program Files\WinPass\WinPass.exe |
516096 |
Application |
Folder information Created after Installation:
| Folder Location |
| C:\Program Files\WinPass |
Registry information Created after Installation:
| Main Registry Key |
Sub Registry Key |
Key Value Name |
| HKEY_LOCAL_MACHINE |
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C3E94B4-D9E7-4C56-9496-68254A07D808} |
VersionMajor |
| HKEY_LOCAL_MACHINE |
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C3E94B4-D9E7-4C56-9496-68254A07D808} |
VersionMinor |
| HKEY_LOCAL_MACHINE |
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C3E94B4-D9E7-4C56-9496-68254A07D808} |
WindowsInstaller |
