Virus:TR/PSW.WOW.CR
Date discovered:06/07/2006
Type:Trojan
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:172.219 Bytes
MD5 checksum:d2ee8eab344738d2186e3ca657469690
VDF version:6.35.00.126
IVDF version:6.35.00.154 - Wednesday, July 12, 2006

 General Method of propagation:
   • No own spreading routine
   •  Symantec: Infostealer
   •  Mcafee: PWS-WoW
   •  Kaspersky: Trojan-PSW.Win32.WOW.cr
   •  TrendMicro: TSPY_WOW.CH
   •  Bitdefender: Trojan.PWS.WOW.U


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Registry modification
   • Steals information

 Files It copies itself to the following location:
   • %PROGRAM FILES%\Internet Explorer\test.exe

 Registry – HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   • "ChinaRed"="%PROGRAM FILES%\Internet Explorer\test.exe"

 Stealing It tries to steal the following information:

– The following CD key:
   • World of Warcraft

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Description inserted by Ionut Slaveanu on Thursday, August 24, 2006
Description updated by Ionut Slaveanu on Thursday, August 24, 2006

Back . . . .