Gypthoy Malware Traffic Sample PCAP File Download


Threat behavior

PWS:Win32/Gypthoy.A is a trojan that is specifically used to capture personal information, such as user names and passwords, and then send that information to a remote attacker.
Installation
PWS:Win32/Gypthoy.A creates the following files on an affected computer:
  • c:\documents and settings\administrator\local settings\temp\fgb.html
  • c:\documents and settings\administrator\local settings\temp\mail1.htm
  • c:\documents and settings\all users\common files\dsc.exe – detected as PWS:Win32/Gypthoy.A
The malware modifies the following registry entries to ensure c:\documents and settings\all users\common files\dsc.exe executes at each Windows start:

 
