TSPY_LEGMIR


 ALIASES:

OnLineGames, Delf, Magania, Gampass, Dropper, DelpDldr, Games, Pupack

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 REPORTED INFECTION:
 SYSTEM IMPACT RATING:
 INFORMATION EXPOSURE:

  • Threat Type: Spyware

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from the Internet

LEGMIR is a family of information stealers. Its primary routine is to steal user names and passwords used in online games.

In 2007, some website compromises were found to have distributed LEGMIR together with other information stealers.

  TECHNICAL DETAILS

Memory Resident:

Yes

Installation

This spyware drops the following files:

  • %System%\HBWOW.dll
  • %System%\System.exe

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)