So, this will be the final write-up I hope about the malware. The malware itself presents itself as a 92 MB file, but in reality it's about 10 MB big. The reason why this file is so large is because it contains a video (containing a trailer for GW) which is 82.7 MB big. It also contains a few images, which you can see when the tool runs, and some that aren't used.

With my analyzing of the malware, I can verify that it doesn't contain anything else like a private server or does anything even close like it reports to. This has been written with the single purpose of collecting login information about Guild Wars accounts.

I went ahead and unpacked the malware, which is in reality just an AutoPlay Media Studio application which is used to build interactive CD-menus (when that was still relevant). There are some image files included, including Pyre Fierceshot renamed as "Kyle". At this point, we don't see anything special - however, with my unpacking, I was able to go through the code of the application.

Being built in AMS, it's far from real programming. In fact, it uses a plugin to handle the mail sending, which I suppose is the reason why this tool was chosen in the first place.

When you run the application, it initially doesn't do anything until you get to the login-page. Going through the code, I can confirm that the only thing it does is to send an e-mail (more on that later). If the e-mail is sent successfully, it will display that the server was installed successfully. It will then display a page with a button, which just gives an error when clicked upon. So, in reality, all it does is send an e-mail using Gmail.