Analysis by: Anthony Joe Melgarejo
ALIASES:

HackTool:MSIL/Wpakill.A (Microsoft), Crack-WindowsWGA.a (McAfee), not-a-virus.Crack.RemoveWAT (Ikarus)

 PLATFORM:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)

 OVERALL RISK RATING:
 REPORTED INFECTION:
 SYSTEM IMPACT RATING:
 INFORMATION EXPOSURE:

  • Threat Type: Cracking Application

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This cracking application may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.

  TECHNICAL DETAILS

Tamaño del archivo Varies
Tipo de archivo EXE
Residente en memoria No
Fecha de recepción de las muestras iniciales 07 Apr 2011

Arrival Details

This cracking application may be unknowingly downloaded by a user while visiting malicious websites.

It may be manually installed by a user.

Installation

This cracking application drops the following files:

  • %System%\slwga.dll
  • %System%\systemcpl.dll

(Note: %System% is the Windows system folder, which is usually C:\Windows\System32.)

NOTES:
It displays a windows where it requires user interaction to click certain buttons consecutively to perform its intended routine.