Virus:TR/PSW.LdPinch.aki
Date discovered:09/04/2006
Type:Trojan
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:138.756 Bytes
MD5 checksum:a27111f079c7521a7772316532c17aaa
VDF version:6.34.00.161

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan-PSW.Win32.LdPinch.aki
   •  TrendMicro: TROJ_BAGLE.DZ
   •  Bitdefender: Trojan.PWS.LDPinch.IE


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Steals information

 Files It deletes the initially executed copy of itself.

 Backdoor Contact server:
The following:
   • http://www.eko-grant.ru/images/**********

As a result it may send some information. This is done via the HTTP POST method using a PHP script.


Sends information about:
    • Computer name
    • Current user
    • Information about running processes
    • Collected information described in stealing section
    • System directory
    • User shell folders
    • Windows directory

 Stealing It tries to steal the following information:

– Passwords from the following programs:
   • Far
   • Windows Commander
   • Total Commander
   • CuteFTP
   • CuteFTP Pro
   • WS_FTP

 Injection – It injects itself as a remote thread into a process.

    Process name:
   • iexplore.exe


 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Description inserted by Andrei Gherman on Tuesday, April 11, 2006
Description updated by Andrei Gherman on Tuesday, April 11, 2006

Back . . . .