TSPY_LDPINCH.SG

 Analysis by: Rhena Inocencio

 ALIASES:

PWS:Win32/Ldpinch.DB (Microsoft), Trojan.Win32.Yakes.bbxr (Kaspersky), Troj/Yakes-K (Sophos)

 PLATFORM:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)

 OVERALL RISK RATING:
 REPORTED INFECTION:
 SYSTEM IMPACT RATING:
 INFORMATION EXPOSURE:

  • Threat Type: Spyware

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size:

958,005 bytes

File Type:

EXE

Memory Resident:

No

Initial Samples Received Date:

30 Nov 2012

Arrival Details

This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

NOTES:

It attempts to steal stored account information of the following installed FTP clients or File Managers:

  • 32BitFtp
  • BulletProof FTP
  • Classic FTP
  • CoffeeCup FTP
  • Core FTP
  • CuteFTP
  • Dev Zero G FTP
  • FAR Manager FTP
  • FFFTP
  • FTP Commander
  • FTP Explorer
  • FTPCON
  • FTPRush
  • FTPWar
  • FreeFTP/DirectFTP
  • Frigate3 Ftp
  • GlobalSCAPE CuteFTP
  • Ipswitch FTP
  • LEAPFTP
  • MPPFTP
  • SmartFTP
  • SoftX FTP
  • Sota FFFTP
  • TurboFTP