Technical Details
This spy program is designed to steal confidential information. It is a Windows Dynamic Link Library (PE DLL file). It is 15 360 bytes in size. It is written in C++.
Payload
The library exports a set of functions designed to track the user's keyboard input, mouse input, and the windows the user opens. To do so, the Trojan uses the exported "StartL" function to install hook procedures that monitor keystroke and mouse messages. It also reads the titles of the windows into which data is entered. The installed hooks can be removed with the "StopL" function. The gathered data is saved to a file using the "FlushBuffer" and "SaveE" functions. The path to this file is set with the "SetLOpt" function before "StartL" is called.
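For triage, the export names listed above can be checked statically, without loading the DLL. The following is an added example, not code from the original write-up: the function names, the rule of requiring all five exports, and the constructed test image from `build_sample` are assumptions made for illustration.

```python
import struct

# Export names taken from the description above.
HOOK_EXPORTS = {"StartL", "StopL", "FlushBuffer", "SaveE", "SetLOpt"}

def export_names(pe: bytes) -> set:
    """Return the names in a PE image's export name table."""
    (nt,) = struct.unpack_from("<I", pe, 0x3C)  # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    n_sec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    (magic,) = struct.unpack_from("<H", pe, opt)
    # Data directory 0 (exports): 96 bytes into a PE32 optional header, 112 for PE32+.
    (exp_rva,) = struct.unpack_from("<I", pe, opt + (112 if magic == 0x20B else 96))
    if exp_rva == 0:
        return set()
    secs = [struct.unpack_from("<8xIIII", pe, opt + opt_size + 40 * i) for i in range(n_sec)]

    def off(rva):  # RVA -> file offset via the section table
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError(f"RVA {rva:#x} outside all sections")

    n_names, names_rva = struct.unpack_from("<I4xI", pe, off(exp_rva) + 24)
    table, names = off(names_rva), set()
    for i in range(min(n_names, 4096)):  # cap guards against a hostile count
        start = off(struct.unpack_from("<I", pe, table + 4 * i)[0])
        names.add(pe[start:pe.index(b"\0", start)].decode("ascii", "replace"))
    return names

def matches_description(pe: bytes) -> bool:
    """True when the image exports all five functions named in the write-up."""
    return HOOK_EXPORTS <= export_names(pe)

def build_sample(names):
    """Constructed minimal PE32 image exporting `names` (test input, not loadable)."""
    ptrs, rva = b"", 0x1000 + 40 + 4 * len(names)
    for n in names:
        ptrs, rva = ptrs + struct.pack("<I", rva), rva + len(n) + 1
    sec = struct.pack("<24xI4xI4x", len(names), 0x1028) + ptrs  # export directory
    sec += b"".join(n.encode() + b"\0" for n in names)
    img = bytearray(0x200) + sec
    img[:2], img[64:68] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 64)
    struct.pack_into("<HH12xHH", img, 68, 0x14C, 1, 224, 0x2102)  # COFF header
    struct.pack_into("<H94xI", img, 88, 0x10B, 0x1000)  # PE32 magic, export RVA
    struct.pack_into("<8sIIII", img, 312, b".rdata", len(sec), 0x1000, len(sec), 0x200)
    return bytes(img)
```

A match on export names alone is a triage signal, not a verdict; combine it with the file size and type given above before drawing conclusions.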