| Name: | Hooker |
| Aliases: | Win32.PSW.Hooker, Trojan.PSW.Hooker, PWS.Hooker, DUNpws.bo, |
| Ports: | 80 |
| Files: | Hooker24sour.zip - 94,272 bytes Hooker2.4.zip - 93,785 bytes Hooker2.5.zip - 133,209 bytes Hooker2.52.zip - 28,799 bytes Hooker.exe - 15,982 bytes Hooker.exe - 21,504 bytes Hooker.exe - 38,912 bytes Hooker.dat - 21,504 bytes Hconf.exe - 8,192 bytes Hoconf.exe - 59,392 bytes Hooconf.exe - 90,107 bytes Hconf.ini - 3,072 bytes Hconf.ini - 3,161 bytes Hconf.ini - 3,477 bytes Hcheck.exe - Hkconf.exe - 8,192 bytes Hkconf.exe - 13,312 bytes Hkconf.exe - 38,912 bytes Infected.exe - Dropper.dat - 8,704 bytes Config.bat - 28 bytes Kernel32.exe - |
| Created: | July 1999 |
| Requires: | |
| Actions: | Keylogger / Downloading trojan / Steals passwords |
| Can download and execute programs using port 80. The keylogging DLLis packed by LZW. It can send information via mails on a regular schedule.Hooker can delete itself on a preconfiguered date. | |
| Versions: | 1.0, 2.0, 2.2, 2.3, 2.4, 2.5, 2.52, |
| Registers: | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ HKEY_LOCAL_ MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\ HKEY_LOCAL_MACHINE\So ftware\Microsoft\Windows\CurrentVersion\RunServices\ HKEY_LOCAL_MACHINE\Software \Microsoft\Windows\CurrentVersion\RunServicesOnce\ HKEY_CURRENT_USER\Software\Mi crosoft\Windows\CurrentVersion\Run\ HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\RunOnce\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVer sion\RunServices\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ru nServicesOnce\ |
| Notes: | Works on Windows 95, 98, ME, NT and 2000. ˆ Source code isavailable. Works together with ICQ 99 a. |
| Country: | written in Russia |
| Program: | Written in C++ 5. |