TROJ_LEGMIR


 ALIASES:

OnLineGames, Delf, Magania, Gampass, Dropper, DelpDldr, Games, Pupack

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from the Internet

LEGMIR is a family of information stealers. Its primary routine is to steal user names and passwords used in online games.

In 2007, some website compromises were found to have distributed LEGMIR together with other information stealers.

  TECHNICAL DETAILS

Memory Resident:

Yes

Installation

This Trojan drops the following files:

  • %System%\HBWOW.dll
  • %System%\System.exe

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)