Technical Details
This Trojan has a malicious payload. It is a Windows .Net application (PE EXE file). It is 5120 bytes in size. It is written in Visual Basic .Net.
Payload
Once launched, the Trojan monitors the clipboard and upon detection of the following expressions, which correspond to WebMoney payment system wallets:
R<num1>
U<num1>
Z<num1>
41001<num2>
where <num1> is a random set of 12 numbers, and <num2> is a random set of 9 numbers
It substitutes the found value to the following, respectively:
R5248***0497
U21356***03905
Z35200***35009
41001709***826A
Žádné komentáře:
Okomentovat